Today I found myself reconfiguring a wireless access point I hadn’t used in a very long time. I no longer have the manual (so I could reset it to factory defaults) nor do I remember what the obscure IP address I configured it with was. Luckily I do know what network it’s setup for ( 192.168.1.x ) but I don’t want to have to try to connect to all 254 IP addresses (192.168.1.1 through 192.168.1.254) as that would take quite some time. So what I’m going to do is use Nmap a swiss army knife for network operators and system admins. What we’re going to do is use Nmap to scan the entire network and tell us which IP addresses are active. This will allow us to drastically reduce the number of IP addresses we have to try. There are Nmap versions for all three major OS’s *nix, OS X and Windows. I’ll be showing you the syntax for the *nix/OS X version.
nmap -sP 192.168.1.0/24
replace 192.168.1.0/24 with whatever network it is you’re trying to scan.
The /24 is the netmask of the network in CDIR notation. If you need a cheat sheet you can find one here
Once you press return (or enter) Nmap will start to work pinging each and every IP address on your network and noting which ones respond and which don’t. (Note that if your device has a firewall that discards ping requests it will appear to be down to this scan)
You’ll quickly get an output similar to the following
Starting Nmap 4.50 ( http://insecure.org ) at 2008-08-19 10:15 PDT HOST 192.168.1.25 appears to be up. MAC Address: 0:0F:1F:4C:0B:E6 (WW Pcba Test) Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.711 seconds
As always let me know what you think of this post and post any questions you may have to the comments.