32

I've got a handful of Macs on my home network, and shell access to only one of them from the outside. How can I figure out what IP address of the other machines are?

Improve this question

9 Answers 9

Reset to default
45

Try arp -a to see your computer's current arp table. It will show only those IP addresses your computer has interacted with. Output like this (obscured a little to hide MAC addresses on my network):

$ arp -a
? (10.1.168.1) at xx:xx:9e:82:ab:f6 on en1 ifscope [ethernet]
? (10.1.168.16) at xx:xx:29:d3:17:8 on en1 ifscope [ethernet]
? (10.1.168.115) at xx:xx:2:4f:76:14 on en1 ifscope [ethernet]
? (10.1.168.131) at xx:xx:6b:d0:36:a5 on en1 ifscope [ethernet]
? (10.1.168.134) at (incomplete) on en1 ifscope [ethernet]
? (10.1.168.137) at xx:xx:65:46:cd:b8 on en1 ifscope [ethernet]
? (10.1.168.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
? (192.168.4.255) at ff:ff:ff:ff:ff:ff on vmnet8 ifscope [ethernet]
? (192.168.110.255) at (incomplete) on vmnet1 ifscope [ethernet]

If you don't have further information on which computer is which, you can gain a little more information by identifying the manufacturers of the network cards through MAC address lookup.

Improve this answer
2
  • 15
    Sorry it took almost 4 years to mark this as correct.
    – Jon Haddad
    Commented Mar 14, 2014 at 17:00
  • 1
    What does it mean "arp -a will show only those IP addresses your computer has interacted with." ? Should I ping the broadcast (192.168.110.255) first and get response from every device and then use arp to get a complete list since I just interacted/pinged all the device?
    – Weishi Z
    Commented Apr 2, 2015 at 23:37
11

Assuming all the other machines are in the same broadcast domain as the one to which you have access, pinging the broadcast address will often suffice. It will not find machines that are asleep, nor those configured to not respond to pings, nor those that will respond to pings but not to broadcast pings.

% ifconfig -a | grep broadcast
        inet 192.168.1.241 netmask 0xffffff00 broadcast 192.168.1.255
% ping -i 5 -c 2 192.168.1.255
PING 192.168.1.255 (192.168.1.255): 56 data bytes
64 bytes from 192.168.1.241: icmp_seq=0 ttl=64 time=0.393 ms
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=2.511 ms (DUP!)
64 bytes from 192.168.1.65: icmp_seq=0 ttl=64 time=5.810 ms (DUP!)
64 bytes from 192.168.1.255: icmp_seq=0 ttl=64 time=7.886 ms (DUP!)
64 bytes from 192.168.1.241: icmp_seq=1 ttl=64 time=0.312 ms

--- 192.168.1.255 ping statistics ---
2 packets transmitted, 2 packets received, +3 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 0.312/3.382/7.886/3.010 ms

The first and last response will almost always be your local machine. The (DUP!) responses are from other machines (though this example also show some machine responding with the broadcast address itself, which is not terribly useful).

You might also try the all-ones broadcast address:

% ping -i 5 -c 2 255.255.255.255
PING 255.255.255.255 (255.255.255.255): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.392 ms
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=3.053 ms (DUP!)
64 bytes from 192.168.1.65: icmp_seq=0 ttl=64 time=8.685 ms (DUP!)
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.319 ms

--- 255.255.255.255 ping statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 0.319/3.112/8.685/3.401 ms

This example shows less cruft. All the (DUP!)s are other machines and the local machine is easily identified as 127.0.0.1.

Improve this answer
10

Your Macs all have hostnames so you shouldn't need to know IP addresses. Instead you'll just use the hostname.

The hostnames are based on whatever name you've given the computer. So if the computer is named "Jon's Mac" the hostname you'll use is something like "jons-mac.local".

$ ssh jons-mac.local

If you don't already know your computers' hostnames then you can find out a computer's hostnames in the sharing preferences on that computer, or you can find out the hostnames of other computers on the network using the dns-sd command. This command uses Bonjour to let you browse network services; you'll only find computers that are actually advertising some network service (which, by and large, are the only ones you care about).

If you want to connect to some computer providing ssh, you can find the available computers using:

dns-sd -B _ssh._tcp .

In general you can search for hosts providing particular services using the service names: http://www.dns-sd.org/ServiceTypes.html

The Bonjour protocol also provides the ability to browse for all services, not just particular ones. You can do this by browsing for the special service _services._dns-sd._udp

dns-sd -B _services._dns-sd._udp .

The question is asking about finding other computers on the network from the command line, but you can also browse dns-sd advertised services in the GUI. For example Terminal.app > New Remote Connection... brings up a window that shows advertised ssh, sftp, ftp, and telnet services.

Improve this answer
2
  • How fast can you expect this command dns-sd -B _ssh._tcp . to take to run?
    – AJP
    Commented Apr 2, 2017 at 7:10
  • 1
    @AJP If there are any ssh services being advertised it should begin returning results immediately. But if by 'finish' you mean exit, it doesn't exit; the command runs a long-lived query and outputs changes continuously as services appear and disappear from the network until you kill it.
    – bames53
    Commented Apr 2, 2017 at 11:15
8

You could try using dns-sd in order to perform Bonjour queries on the LAN.

Improve this answer
1
  • 3
    I love that this answer is OS X specific and hooks into bonjour to avoid getting additional network details I wouldn't care about (in the context of this question). The specific command that worked for my needs was: dns-sd -B _ssh._tcp .
    – stevenhaddox
    Commented Feb 18, 2013 at 13:14
6

Maybe it's a bit of overkill but you could use nmap

Improve this answer
1
  • 3
    While this may answer the question, it would be a better answer if you could provide some explanation why it does so.
    – DavidPostill
    Commented May 2, 2017 at 10:39
4

A quick CLI one liner to step through /24 subnet ping each IP address. Quick and kind of dirty, but it works.

for (( x=1; x <= 254; x++ )); do ping -c 3 192.168.0.$x; done

Explanation: To change the range, change x=1 to x=130, or whatever you want to start at, and 254 to the end, say 135.

for (( x=130; x <= 135; x++ ));

ping -c 3 is send three pings. To change the number of pings change the 3 to something else, and to change the address range, change the 192.168.0 to something else.

do ping -c 30 10.10.0.$x;
Improve this answer
4
  • 1
    you could simply use fping to do this : fping -ag 172.16.0.0/16
    – ıɾuǝʞ
    Commented Aug 22, 2013 at 13:58
  • 1
    This is anything but quick, for me...
    – Max Williams
    Commented Aug 18, 2015 at 15:38
  • It's a Quick and Dirty solution. As in, it's quick to implement in the absence of the correct tools like nmap, and it's not as performant as the correct tools, like nmap. Pinging hosts can take a while when they don't respond, and since this isn't multithreaded, it will take a while when a host doesn't respond. On the plus side, it doesn't require anything besides bash.
    – quinnr
    Commented Jul 29, 2016 at 15:30
  • It's worth noting that some machines don't respond to pings. In particular, modern Windows computers seem to not respond by default.
    – Paul Wintz
    Commented Jun 1, 2023 at 6:45
2

If you know the name of the other computers in the LAN, the simplest way is to ping them:

$ ping foobar

Pinging foobar.lan [192.168.0.25] with 32 bytes of data:

Reply from 192.168.0.25: bytes=32 time<1ms TTL=64
Reply from 192.168.0.25: bytes=32 time<1ms TTL=64

This may depend on your local router or DHCP server. If the bare hostname doesn't work, try appending .local (ie, ping hostname.local).

Obviously this doesn't work well for large LANs or people with poor memories.

Improve this answer
1

If you're using Macs, (assuming 10.5 or greater,) just enable VNC for desktop access and use Flame.app.

http://husk.org/apps/flame/

It's a really nice little utility that gives you exactly what you need, really quickly. The only thing is that you would have to go farther than SSH.

Improve this answer
1

For Windows:

1) Write: for /L %I in (1,1,254) DO ping -w 30 -n 1 168.29.0.%I This will ping all addresses in your local network

2) Then write: arp -a This will give you all addresses that answered

Improve this answer
3
  • Of course it depends on your local network address.In my case it is 168.29.0.xxx. Yours might be something like 192.168.0.xxx
    – Chavdar
    Commented Mar 28, 2014 at 13:51
  • 1
    Your answer is based on Windows while the OP stated he is using a Mac. Can you edit your question to take this into account or state if your solution would work on a Mac.
    – Matthew Williams
    Commented Mar 28, 2014 at 14:04
  • Every MAC user has a Windows OS sitting around... You cannot live without it... :D
    – user2173353
    Commented Apr 2, 2015 at 15:02

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .