Get a list of all computers on a network w/o DNS
Solution 1
Nmap is good for this - use the -O option for OS fingerprinting and -oX "filename.xml" for output as xml that you can then parse from c#.
A suitable commandline would be (where 192.168.0.0/24 is the subnet to scan):
nmap -O -oX "filename.xml" 192.168.0.0/24
leave out the -O if you aren't interested in guessing the OS - if you just want a ping sweep use -sP, or read the docs for the myriad other options.
Solution 2
To expand on what Unkwntech has said -
You can also do a "broadcast" ping to avoid having to ping each IP address individually.
Immediately after than you can use "arp" to examine the ARP cache and get a list of which IP addresses are on which MAC address.
Solution 3
Ping everything in the rage, then you can get netbios info from the systems that respond to identify it's name.
Solution 4
In one of my web app I used the NetApi32 function for network browsing.
AlexeyMK
I am a recent CS graduate from the University of Pennsylvania, currently freelancing in the Bay Area. Feel free to reach out if you've got an interesting project you think I could help with. More at about.alexeymk.com.
Updated on June 08, 2022Comments
-
AlexeyMK almost 2 years
Greetings,
I need a way (either via C# or in a .bat file) to get a list of all the computers on a given network. Normally, I use "net view", but this tends to work (from my understanding) only within your domain. I need the names (or at least the IP Addresses) of all computers available on my network.
Being able to get all computers on a domain that isn't mine (in which case I'd use WORKGROUP, or whatever the default is) would also work.
-
AlexeyMK over 15 yearsTwo questions: 1. What if its a huge range? Any alternatives? 2. How exactly do I do the netbios thing?
-
UnkwnTech over 15 yearsI don't know how to do the netbios, but I know it will work, second if there is a large range then only wait for one packet at each destination, and use a fairly low timeout.
-
AlexeyMK over 15 yearsThat looks quite promising. Is the command line interface powerful enough to be used for getting a list of comps programmatically?
-
Arthur Ulfeldt over 15 yearsYes certainly - I've updated my answer with a few further details
-
AlexeyMK over 15 yearsThanks! I'll see if this will work for us (security reasons, bringing in additional third-party apps, etc) but this is indeed the best answer. What would the full command be? From reading the comments, it appears to be nmap -sL -O -oX "filename.xml" - does that sound right?
-
AlexeyMK over 15 yearsWe'll see - I do want to build it on my own, also wanted to leave a ready 'just use these parameters' for future viewers who will, hopefully, be able to just download and copy-paste without getting into the documentation. I see what you mean, though.
-
Arthur Ulfeldt over 15 years-sL just does a reverse dns on all hosts without actually scanning them. I think it depends on how far you want to take it - simple Netbios resolution is going to give you some info, but if you want to take into account other OS or firewalled PCs nmap is going to do a much more thorough job.
-
AlexeyMK over 15 yearsOk, accepting this answer - I think its more likely to be used by future readers. Thanks1
-
AlexeyMK over 15 yearsVery, very interesting. Can you explain how this works please?
-
Kris Erickson almost 13 yearsThe original source and article: codeproject.com/KB/IP/ListNetworkComputers.aspx
-
Oxymoron almost 8 yearsTo get the hostname at an IP you can use nslookup