views:

1801

answers:

4

Greetings,

I need a way (either via C# or in a .bat file) to get a list of all the computers on a given network. Normally, I use "net view", but this tends to work (from my understanding) only within your domain. I need the names (or at least the IP Addresses) of all computers available on my network.

Being able to get all computers on a domain that isn't mine (in which case I'd use WORKGROUP, or whatever the default is) would also work.

Your help much appreciated :).

Alexey

+1  A: 

Ping everything in the rage, then you can get netbios info from the systems that respond to identify it's name.

Unkwntech
Two questions: 1. What if its a huge range? Any alternatives?2. How exactly do I do the netbios thing?
AlexeyMK
I don't know how to do the netbios, but I know it will work, second if there is a large range then only wait for one packet at each destination, and use a fairly low timeout.
Unkwntech
+6  A: 

Nmap is good for this - use the -O option for OS fingerprinting and -oX "filename.xml" for output as xml that you can then parse from c#.

A suitable commandline would be (where 192.168.0.0/24 is the subnet to scan):

nmap -O -oX "filename.xml" 192.168.0.0/24

leave out the -O if you aren't interested in guessing the OS - if you just want a ping sweep use -sP, or read the docs for the myriad other options.

Whisk
That looks quite promising. Is the command line interface powerful enough to be used for getting a list of comps programmatically?
AlexeyMK
Yes certainly - I've updated my answer with a few further details
Whisk
Thanks! I'll see if this will work for us (security reasons, bringing in additional third-party apps, etc) but this is indeed the best answer. What would the full command be? From reading the comments, it appears to be nmap -sL -O -oX "filename.xml" - does that sound right?
AlexeyMK
This is a good solution if you don't mind using nmap, I assumed in my answer that you wanted to build it on your own.
Unkwntech
We'll see - I do want to build it on my own, also wanted to leave a ready 'just use these parameters' for future viewers who will, hopefully, be able to just download and copy-paste without getting into the documentation. I see what you mean, though.
AlexeyMK
-sL just does a reverse dns on all hosts without actually scanning them. I think it depends on how far you want to take it - simple Netbios resolution is going to give you some info, but if you want to take into account other OS or firewalled PCs nmap is going to do a much more thorough job.
Whisk
Ok, accepting this answer - I think its more likely to be used by future readers. Thanks1
AlexeyMK
+1  A: 

In one of my web app I used the NetApi32 function for network browsing.

Code: http://gist.github.com/11668

EricSch
Very, very interesting. Can you explain how this works please?
AlexeyMK
A: 

To expand on what Unkwntech has said -

You can also do a "broadcast" ping to avoid having to ping each IP address individually.

Immediately after than you can use "arp" to examine the ARP cache and get a list of which IP addresses are on which MAC address.

Alnitak