Scan for available IP addresses

August 28th, 2011

How do you connect to a device on your local network when you know a valid user name and password but the machine:

  • Is not in your DNS system so you can’t get to it using a host name
  • Has a static IP address that’s assigned on the machine itself - but you don’t know what the address is

The answer is that you need to use trial and error to find an IP address that asks you for a user name and password and, when you plug in the user name and password you know are valid, gives you a connection.

This is a whole lot quicker if the machine accepts ping requests (which are basically little “hello, anyone there?” messages fired at a computer, to which the machine answers “yup,” if it wants to, and your computer tells you how long it took to get a response).

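If you don’t already have a network scanner* installed, here’s a little shell script you can run from a Windows command prompt. Fire up the command console (cmd.exe) and enter these two commands, one after the other (changing the log file path and the IP address range to suit yourself). The SET command goes on a line of its own because cmd.exe expands %fl% when it reads a line, before it runs anything on that line, so the variable has to exist before the second line is entered:

SET fl=c:\Alistair\ipaddresses.txt
ECHO =================================================== >> %fl% & ECHO.%date% %time% >> %fl% & FOR /L %i IN (0,1,255) DO ping -n 1 192.168.0.%i | FIND /i "Reply" | FIND /i /v "unreachable" >> %fl%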

In the above:

  • c:\Alistair\ipaddresses.txt is the path to the log file where I want to write the IP addresses
  • (0,1,255) means set the variable %i to 0 to start with, increment by 1 each time the FOR loop loops and stop after it reaches 255
  • 192.168.0.%i is the IP address range (in this case this starts at 192.168.0.0 and ends at 192.168.0.255)

The first FIND command finds all lines of output containing “Reply.” These get passed to the second FIND command which removes any lines that contain “unreachable.” The result is that ping output is only logged where the ping to an IP address was responded to.

The output in the log file looks something like this:

===================================================
28/08/2011  9:22:24.26
Reply from 192.168.0.1: bytes=32 time=24ms TTL=64
Reply from 192.168.0.41: bytes=32 time=82ms TTL=64
Reply from 192.168.0.42: bytes=32 time<1ms TTL=128

A variation on the script is to look for host names for the IP addresses and log these, if found. This takes much longer to run but could be useful if you need to find out what machines on your network can be pinged with their host name:

SET fl=c:\Alistair\ipaddresses.txt
ECHO =================================================== >> %fl% & ECHO.%date% %time% >> %fl% & FOR /L %i IN (0,1,255) DO ping -a -n 1 192.168.0.%i | FINDSTR /i "Pinging.*\[ Reply" | FIND /i /v "unreachable" >> %fl%

Which produces output like this:

===================================================
28/08/2011  9:22:24.26
Reply from 192.168.0.1: bytes=32 time=24ms TTL=64
Reply from 192.168.0.41: bytes=32 time=82ms TTL=64
Pinging romulus [192.168.0.42] with 32 bytes of data:
Reply from 192.168.0.42: bytes=32 time<1ms TTL=128

In this example, just one of the machines could be reached by a host name: romulus.
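Because each run appends to the same log file, the log can double as a simple inventory of which addresses answered on which date. The following Python sketch is an added example, not part of the original post: it parses the log format shown above and reports addresses that replied in one scan but not in the previous one. The function names and the sample log (including the host "remus") are constructed for illustration.

```python
import re

# Constructed sample: two appended scan runs in the log format shown above.
# "remus" resolved to a name but did not reply, so it has no Reply line.
SAMPLE_LOG = """\
===================================================
28/08/2011  9:22:24.26
Reply from 192.168.0.1: bytes=32 time=24ms TTL=64
Pinging romulus [192.168.0.42] with 32 bytes of data:
Reply from 192.168.0.42: bytes=32 time<1ms TTL=128
===================================================
29/08/2011 10:05:11.90
Reply from 192.168.0.1: bytes=32 time=20ms TTL=64
Reply from 192.168.0.77: bytes=32 time=3ms TTL=64
Pinging remus [192.168.0.50] with 32 bytes of data:
Pinging romulus [192.168.0.42] with 32 bytes of data:
Reply from 192.168.0.42: bytes=32 time<1ms TTL=128
"""

SEPARATOR = re.compile(r"^=+$")
PINGING = re.compile(r"^Pinging (\S+) \[(\d+(?:\.\d+){3})\]")
REPLY = re.compile(r"^Reply from (\d+(?:\.\d+){3}): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")

def parse_scans(text):
    """Return one dict per scan run; "time<1ms" is stored as ms=1 (upper bound)."""
    scans, names = [], {}
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()  # ECHO ... >> leaves a trailing space on each line
        if SEPARATOR.match(line):
            # The line after the separator is the %date% %time% stamp.
            scans.append({"when": next(lines, "").strip(), "hosts": {}})
            names = {}
        elif scans and (m := PINGING.match(line)):
            names[m.group(2)] = m.group(1)  # host name resolved by ping -a
        elif scans and (m := REPLY.match(line)):
            ip, ms, ttl = m.group(1), int(m.group(2)), int(m.group(3))
            scans[-1]["hosts"][ip] = {"name": names.get(ip), "ms": ms, "ttl": ttl}
    return scans

def new_hosts(previous, current):
    """Addresses that replied in the current scan but not in the previous one."""
    added = set(current["hosts"]) - set(previous["hosts"])
    return sorted(added, key=lambda ip: tuple(map(int, ip.split("."))))

if __name__ == "__main__":
    scans = parse_scans(SAMPLE_LOG)
    print("New since last scan:", new_hosts(scans[0], scans[1]))
```

A host whose name resolves but which does not answer leaves only a "Pinging" line in the log, so it is deliberately not counted as a responding address.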

Turn it into a batch file

If, for some reason, you can see yourself needing to use this script now and again you might want to save it as a batch file that you can run simply by double-clicking the file in Windows Explorer. Here’s an example of a batch file that runs the second (slower) of the scripts:

@ECHO OFF
REM Created by Alistair 28/8/2011
REM See blog post on this: http://www.itauthor.com/2011/08/28/scan-for-available-ip-addresses/
REM For more batch file commands, see: http://ss64.com/nt/
SET fl=c:\Alistair\ipaddresses.txt
ECHO Scan IP addresses for ones that accept a ping request.
ECHO The output from this batch file is logged in %fl%
ECHO Scanning ...
ECHO =================================================== >> %fl% & ECHO.%date% %time% >> %fl% & FOR /L %%i IN (0,1,255) DO ping -a -n 1 192.168.0.%%i | FINDSTR /i "Pinging.*\[ Reply" | FIND /i /v "unreachable" >> %fl% & ECHO 192.168.0.%%i
ECHO Scan completed. See log file (%fl%) for results.

Just save this as a file with a .bat file name extension (e.g. checkIPaddresses.bat) in a location that doesn’t require Administrator privileges. For example, if you want to run it from your desktop don’t save the batch file to your desktop, save it somewhere like C:\YourStuff\batchFiles\, then create a shortcut and put the shortcut on your desktop.

Network scanners

Be very careful if you’re considering installing a network scanner. There are a lot of port and IP address scanners out there and a lot of them are malware. They might do the job OK but they also come with viruses, so watch out. There are infected/corrupted versions of reputable scanners, so don’t assume something is OK just because you’ve read good stuff about it, unless you are completely confident you’re getting the kosher version of it.

More information

A good source of information about Windows shell commands is: http://ss64.com/nt/

Comments

  1. Fahim Qasim said:

    November 25th, 2011 at 7:16 am (#)

    Nice! Great information about scan for available IP Address.

  2. sandeep said:

    January 10th, 2012 at 6:32 pm (#)

    Good article. I am searching for what is my website's IP and DNS address. http://ezoin.com
