I want to detect number of online (which has ping successful) machines in network.
with two conditions
1) Don't know its workgroup/Domain (there may be possibility two machines have different workgroups)
2) Don't know its IP address or MAC address.
In short, it should returns all machines (ip addresses) in same networks (say same LAN).
Try using nmap you can give it a rang and even port
Edit: plan of attack would be running the ping command on an IP range and mark the IP's that responded. Hope that's not stating the obvious. There's a Ping Class in .Net, as seen here: https://github.com/Simran/nmap-csharp/blob/master/nmap-csharp/Main.cs
It's a lot of code so didn't post it.
The other comment suggesting nmap is on the money. It uses many different techniques to determine if a host is online or not. A ping can fail on otherwise "online" hosts depending on firewall settings. If the criteria for "online" is "responds to ping", please check this out: find all ip address in a network
Related
When I do ping www.google.com the protocol ICMP does a DNS lookup and send a echo request to the google IP. When google responds, another dns lookup happens?
And if I do ping -n www.google.com do I save time but not performing the two dns lookups?
the protocol ICMP does a DNS lookup
This is incorrect. ICMP, like IP deals with addresses. When you use names, applications (that is the ping program) will query the OS to translate the name to an IP.
This mapping may be done in different way and the DNS is only one among others. On Unix systems, see the /etc/nsswitch.conf file that dictates how various things should be resolved, like hostsnames. Typically it is at least a mix of the content of the /etc/hosts file and DNS queries.
So once the ping program, typically using getaddringo OS class has resolved the name to an IP address, then it starts using the ICMP protocol towards that address.
When google responds, another dns lookup happens?
No, why should it? Again, when ICMP happens we are already and now solely in a world of addresses, there are no names there.
do I save time but not performing the two dns lookups?
Yes, probably, but just once (DNS uses caches) and the difference will be marginal and lost normally in many other things.
But the interesting question is why do you have this question, I mean what do you try to attempt going that way? Note that ping (because it uses ICMP) is a poor troubleshooting tool as ICMP traffic is often configured very differently in networks than IP traffic.
(And you should not use www.google.com as an anchor for tests, have a look at RIPE anchors instead for example, but again it depends a lot on what is your true underlying problem here).
Is it possible to ping mininet ip? I found mininet's ip starts with 10.0.2.15 . I can ping from mininet to others. However, I failed to ping other place to mininet. How can I setup this?
10.0.0.0/8, which is 10.0.0.0 - 10.255.255.255 are IP addresses used only locally, they are not accessed from the internet (other networks). Here is some info from IANA:
These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address.
These addresses can be used by anyone without any need to coordinate with IANA or an Internet registry. The traffic from these addresses does not come from ICANN or IANA. We are not the source of activity you may see on logs or in e-mail records.
In wireshark I can see Membership Query, general IGMPv2 requests coming over and over from 0.0.0.0 source which suggests ( according to RFC ) machine that hasn't received address yet. My question is how in Linux environment I can find such machine. This query triggers many answers and causes significant network communication slowdown.
When a machine is connected to a network for the first time, it will try to find the DHCP servers in order to get an IP address configuration. Untill then, as you already said, it has no IP address and the only identifier it has is it's MAC address, which is used to keep a comunication alive while it negotiates with the DHCP server (during this period it does not have an IP address until the very last).
Answering your question, you'd find the machine you are looking for making use of the MAC address. If you are on a small network, a manual check (ifconfig) will do it but, if you are on a big one, you better check the ARP table of your switch(es) to have a better idea where it could be.
I'm working on a program that tracks when search engines cannot find important files on my server.
From my computer I typed:
nslookup google.com
and I received 11 IP addresses in return all beginning with 74.125.226
I then tried:
dig google.com
and I still receive the same IP addresses.
When I navigate to here through searching: http://www.iplists.com/google.txt, the number of IP addresses is greater than 10 and that list includes ones starting with 64.249 which also appears in my server log.
Am I using the wrong linux tools to find every IP address associated with google? If so, what tools should I use?
I want to generate the IP address database myself rather than rely on someone's post of IP addresses just in case IP addresses are updated in the future.
The keyword here is GeoDNS: When website/service has many servers around the world (with the main purpose of providing the lowest possible latency to user requests), using GeoDNS it can respond with different IP addresses to DNS queries for the same hostname, based on the locaton of the DNS client that is making the query (of course it will try to respond with the IP address of the closest server).
Basically, there is no way you can retrieve all possible addresses just by querying DNS from one location. Also, google can add/remove/change addresses/servers on daily basis so you probably can never have the definite list (unless google publishes it somewhere).
The real-time example, this might help you:
https://www.whatsmydns.net/#A/www.google.com
Additional reading:
What is the difference between Anycast and GeoDNS / GeoIP wrt HA?
I've been having problems SSHing into my work computer from home. I have been able to succesfully ssh into one of our web servers so I know the ssh daemon is working and my connection is at least allowing some ssh. But when I try to ssh to my work computer it times out.
I went to my University yesterday and I was able to succesfully ssh into both the web server and my work computer. I've looked into our firewall at work to see if there are any blocks on my IP but it isn't blocked.
My ISP is comcast if that helps at all. I've done a few google searches and some comcast customers say that comcast sometimes blocks file sharing ports such as the ssh port (22).
Any help would be appreciated. Thanks.
First check the /etc/hosts.deny file of your work computer. That may contain lines which might suggests that certain IP may be blocked. Then check /etc/hosts.allow file. You can add your home-computers outgoing IP to your work computers /etc/hosts.allow.
NOTE: This question should belong to superusers or serverfault. stackoverflow is for questions that involves coding...
There is not one single "ssh daemon"... there is one running on each host to which you connect successfully. If you cannot connect to a host there are two primary reasons:
There is no SSH daemon running on the host. In that case you will likely get "connection refused"
There is a firewall between you and the host, and it is not allowing port 22 to pass through. In that case you will likely get timeouts.
If you are trying to connect to a host behind a firewall from "outside", as you suggest, it is extremely likely that host is not reachable from the Internet. If the IP address of the "work computer" looks like 192.168.x.x or 172.[16-31].x.x or 10.x.x.x then it is an unroutable private address and you will not be able to reach it from the outside no matter what you do unless a specific port-forwarding rule is set up on the firewall; in that case you would be connecting to the firewall's IP address, not your target host.