ansaurus

Question

Get a list of all computers on a network w/o DNS

Answer 1

+1 A:

Ping everything in the rage, then you can get netbios info from the systems that respond to identify it's name.

Unkwntech 2008-09-19 21:15:49

Two questions: 1. What if its a huge range? Any alternatives?2. How exactly do I do the netbios thing?

AlexeyMK 2008-09-19 21:16:51

I don't know how to do the netbios, but I know it will work, second if there is a large range then only wait for one packet at each destination, and use a fairly low timeout.

Unkwntech 2008-09-19 21:19:39

Answer 2

+6 A:

Nmap is good for this - use the -O option for OS fingerprinting and -oX "filename.xml" for output as xml that you can then parse from c#.

A suitable commandline would be (where 192.168.0.0/24 is the subnet to scan):

nmap -O -oX "filename.xml" 192.168.0.0/24

leave out the -O if you aren't interested in guessing the OS - if you just want a ping sweep use -sP, or read the docs for the myriad other options.

Whisk 2008-09-19 21:17:28

That looks quite promising. Is the command line interface powerful enough to be used for getting a list of comps programmatically?

AlexeyMK 2008-09-19 21:20:30

Yes certainly - I've updated my answer with a few further details

Whisk 2008-09-19 21:22:13

Thanks! I'll see if this will work for us (security reasons, bringing in additional third-party apps, etc) but this is indeed the best answer. What would the full command be? From reading the comments, it appears to be nmap -sL -O -oX "filename.xml" - does that sound right?

AlexeyMK 2008-09-19 21:24:52

This is a good solution if you don't mind using nmap, I assumed in my answer that you wanted to build it on your own.

Unkwntech 2008-09-19 21:25:03

We'll see - I do want to build it on my own, also wanted to leave a ready 'just use these parameters' for future viewers who will, hopefully, be able to just download and copy-paste without getting into the documentation. I see what you mean, though.

AlexeyMK 2008-09-19 21:37:56

-sL just does a reverse dns on all hosts without actually scanning them. I think it depends on how far you want to take it - simple Netbios resolution is going to give you some info, but if you want to take into account other OS or firewalled PCs nmap is going to do a much more thorough job.

Whisk 2008-09-19 21:43:22

Ok, accepting this answer - I think its more likely to be used by future readers. Thanks1

AlexeyMK 2008-09-19 21:49:38

Answer 3

+1 A:

In one of my web app I used the NetApi32 function for network browsing.

Code: http://gist.github.com/11668

EricSch 2008-09-19 22:16:26

Very, very interesting. Can you explain how this works please?

AlexeyMK 2008-09-21 09:01:20

Answer 4

A:

To expand on what Unkwntech has said -

You can also do a "broadcast" ping to avoid having to ping each IP address individually.

Immediately after than you can use "arp" to examine the ARP cache and get a list of which IP addresses are on which MAC address.

Alnitak 2008-09-22 12:30:41

ansaurus

tags:

views:

answers:

Get a list of all computers on a network w/o DNS

related questions