listing hosts on LAN

Hi, I'm wondering if someone can explain how to find all the other hosts on my LAN from the linux terminal. When I was on my home router I just used arp -a and it listed my router plus all the computers my family uses. I tried it here at school though and all it gives me is the router for the dorm. When I go open ettercap however and scan for hosts it lists a whole bunch so I know there are other computers connected; how can I get these by myself from the terminal?

Secondly, when I do the arp -a command at home it lists the IP address and the computer name or something like Toshiba User. Here I can't seem to be able to get anything except the IP. I've tried numerous things like ping and finger and nslookup and can't figure out how I would resolve the IP.

Thanks for the help.

Edit: I should clarify, when I do the nslookup of an IP on my network all I get back is the name of the router like this
"dormname.resnet.school.edu"

running the command "arp -a" (from either windows, mac, linux, *BSD, etc) will dump the local ARP tables.

The arp tables are built on demand (you won't have entries listed to computers you're not communicating with) and they allow you to communicate with nodes over _Ethernet_ (MAC routing) via referencing "Private" IP addresses. All routing in a LAN broadcast segment is done via Ethernet (yeah, that protocol originally designed by xerox and others).

Basically when you want to send something to a node on your LAN (router, another computer, a network printer, etc) your computer sends out a broadcasted ARP request saying "hey, i wan't to send something to '192.168.1.25', what's their MAC address so i can send it to them?" then when the proper node picks it up it will respond with a unicast packet that basically says "Hey, i'm '192.168.1.25, and heres my MAC address so you can send that to me'".

When Ettercap does a "host scan" what it's really doing, is broadcasting out incremental ARP requests that look something like this:

Code: Select all: Who has 192.168.1.2 Who has 192.168.1.3 Who has 192.168.1.4 Who has 192.168.1.5 .............. .............. .............. Who has 192.168.1.254

and it then builds a LAN based host list from the ARP responses it receives.

This is purely an _Ethernet_ broadcast (all ethernet broadcasts end at routers or are segmented by VLANs) so you will only be able to get the ethernet address (MAC addresses) IP address pairs of nodes on you LAN segment.

In order to completely scan a college/corporate network (that is most likely segmented by VLANs and by physical "intranet" routers and bridges ), you'll have to use an IP centric scanner (such as nmap). Seeing how i myself am i man page and cannonical DOC whore, i won't regurgitate what's already been written in authoritative texts. However, i will link you to a man page and a canonical source.

http://linuxmanpages.com/man1/nmap.1.php
http://nmap.org/docs.html

Go read, Go learn, Go Go Go Go Go and stop when your ded, take a nap and Go some more!!!!!! :evil:

Great, thanks for the links to the nmap stuff I will read all of it asap.

One question I still have:
Why do I only get the IP address is for the other computers on my LAN at school and not the computer name? I can't see what difference between my LAN here and LAN at home there is (aside from the number of computers connected) which would cause this.

Thanks for your help thetan.

That's just a hardware branding thing (and annoying at that). You can see the same effect when war driving with kismet. Basically it's some douche bag hardware vendor sending out ascii strings with a company branding.

So your hardware at home is bragging that "yeah that's right my mac is 123456789AB and i'm a Toshiba BITCH!!!!", while the hardware at your school could care less

listing hosts on LAN

listing hosts on LAN

Re: listing hosts on LAN

Re: listing hosts on LAN

Re: listing hosts on LAN

Who is online