Community discussions

MikroTik App
 
robertEIT
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Tue Sep 08, 2015 6:16 pm

Scan subnet and discover all connected hosts be it with IPs by DHCP or static

Fri Apr 29, 2016 1:08 am

Hi,
I tried for hours on the web and in routeros to find the best way to scan a subnet for all active connected hosts showing their hostnames and IPs, be it leased by DHCP or static.

I work with networks in SOHOs where almost all the PCs are getting IPs via DHCP but they also have one or more printers or small servers with static IPs configured and the DHCP > Leases tool helps me a bit but also shows disconnected hosts while Tools > IP Scan shows me all connected hosts but not their hostnames.

Is there a way to scan all subnet and display IPs and hostnames, maybe via command line?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Scan subnet and discover all connected hosts be it with IPs by DHCP or static

Fri Apr 29, 2016 1:21 am

Not really - at least not with all the bells and whistles you're asking for such as looking for host IDs in DHCP leases.

I will point out that the most reliable scanning tool is an ARP ping scan. Many hosts can have OS-level firewalls active which often refuse to answer pings. But the host can't refuse to answer ARP requests if it wants to actually communicate with other devices, so that's an excellent, reliable way to determine WHICH addresses have hosts actively using them. One thing to note - the ARP ping scan must be done from a device actually connected to that particular LAN segment because ARP is a simple layer 2 (ethernet) broadcast, and can't be forwarded through routers (layer 3 devices).

You could grab a list of hosts that reply to ARP and put them in a spreadsheet, and then go look through the DHCP leases to put names to the hosts where available. (if you can grab the MAC addresses there as well, just sort both groups by MAC and line them up with each other to save some typing)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
robertEIT
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Tue Sep 08, 2015 6:16 pm

Re: Scan subnet and discover all connected hosts be it with IPs by DHCP or static

Fri Apr 29, 2016 1:40 pm

Not really - at least not with all the bells and whistles you're asking for such as looking for host IDs in DHCP leases.

I will point out that the most reliable scanning tool is an ARP ping scan. Many hosts can have OS-level firewalls active which often refuse to answer pings. But the host can't refuse to answer ARP requests if it wants to actually communicate with other devices, so that's an excellent, reliable way to determine WHICH addresses have hosts actively using them. One thing to note - the ARP ping scan must be done from a device actually connected to that particular LAN segment because ARP is a simple layer 2 (ethernet) broadcast, and can't be forwarded through routers (layer 3 devices).

You could grab a list of hosts that reply to ARP and put them in a spreadsheet, and then go look through the DHCP leases to put names to the hosts where available. (if you can grab the MAC addresses there as well, just sort both groups by MAC and line them up with each other to save some typing)
Let me understand! You're saying the best way is to do an ARP Scan from a device connected to that LAN segment, for example a notebook, not within the Mikrotik? The ARP table in routeros confuses me.

Will nmap do this properly for example?

As far as I understand, if one connected device is set not to respond to icmp ping, it will not appear in Tools > IPscan? Will devices that have static IPs set appear there, considering they do respond to ping?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Scan subnet and discover all connected hosts be it with IPs by DHCP or static

Fri Apr 29, 2016 4:33 pm

If you use the scan tool in the Mikrotik, it will have the same effect as an ARP scan because the router must ARP for each address before attempting to ping it, right? So what I would suggest is that you do your ping scan, and then on the terminal window, use the command:
/ip arp print where interface=LAN (or whatever interface you're scanning)

That will give you the ARP table for exactly the interface you're looking for. If no MAC address is listed for a given IP, then no host replied to the ARP.
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: No registered users and 35 guests