3

Greetings,

I need a way (either via C# or in a .bat file) to get a list of all the computers on a given network. Normally, I use "net view", but this tends to work (from my understanding) only within your domain. I need the names (or at least the IP Addresses) of all computers available on my network.

Being able to get all computers on a domain that isn't mine (in which case I'd use WORKGROUP, or whatever the default is) would also work.

AlexeyMK
  • 6,245
  • 9
  • 36
  • 41
  • Check this solution http://stackoverflow.com/questions/2557551/how-get-list-of-local-network-computers/2562302#2562302 – KindDragon Apr 02 '10 at 10:31

4 Answers4

7

Nmap is good for this - use the -O option for OS fingerprinting and -oX "filename.xml" for output as xml that you can then parse from c#.

A suitable commandline would be (where 192.168.0.0/24 is the subnet to scan):

nmap -O -oX "filename.xml" 192.168.0.0/24

leave out the -O if you aren't interested in guessing the OS - if you just want a ping sweep use -sP, or read the docs for the myriad other options.

Whisk
  • 3,287
  • 2
  • 30
  • 30
  • That looks quite promising. Is the command line interface powerful enough to be used for getting a list of comps programmatically? – AlexeyMK Sep 19 '08 at 21:20
  • Yes certainly - I've updated my answer with a few further details – Whisk Sep 19 '08 at 21:22
  • Thanks! I'll see if this will work for us (security reasons, bringing in additional third-party apps, etc) but this is indeed the best answer. What would the full command be? From reading the comments, it appears to be nmap -sL -O -oX "filename.xml" - does that sound right? – AlexeyMK Sep 19 '08 at 21:24
  • This is a good solution if you don't mind using nmap, I assumed in my answer that you wanted to build it on your own. – UnkwnTech Sep 19 '08 at 21:25
  • 1
    We'll see - I do want to build it on my own, also wanted to leave a ready 'just use these parameters' for future viewers who will, hopefully, be able to just download and copy-paste without getting into the documentation. I see what you mean, though. – AlexeyMK Sep 19 '08 at 21:37
  • -sL just does a reverse dns on all hosts without actually scanning them. I think it depends on how far you want to take it - simple Netbios resolution is going to give you some info, but if you want to take into account other OS or firewalled PCs nmap is going to do a much more thorough job. – Whisk Sep 19 '08 at 21:43
  • Ok, accepting this answer - I think its more likely to be used by future readers. Thanks1 – AlexeyMK Sep 19 '08 at 21:49
2

To expand on what Unkwntech has said -

You can also do a "broadcast" ping to avoid having to ping each IP address individually.

Immediately after than you can use "arp" to examine the ARP cache and get a list of which IP addresses are on which MAC address.

Alnitak
  • 334,560
  • 70
  • 407
  • 495
1

Ping everything in the rage, then you can get netbios info from the systems that respond to identify it's name.

UnkwnTech
  • 88,102
  • 65
  • 184
  • 229
  • Two questions: 1. What if its a huge range? Any alternatives? 2. How exactly do I do the netbios thing? – AlexeyMK Sep 19 '08 at 21:16
  • I don't know how to do the netbios, but I know it will work, second if there is a large range then only wait for one packet at each destination, and use a fairly low timeout. – UnkwnTech Sep 19 '08 at 21:19
  • To get the hostname at an IP you can use nslookup – Oxymoron Jul 04 '16 at 04:22
1

In one of my web app I used the NetApi32 function for network browsing.

Code: http://gist.github.com/11668

EricSch
  • 1,808
  • 2
  • 13
  • 14