The simplest way I can do is use ping, I can send a broadcast packet to everyone in a subnet, so that they can response back. Let say I am in subnet of 192.168.0.x and the broadcast IP is 192.168.0.255, I can do this:
ping -b 192.168.0.255
How I know the broadcast IP is 192.168.0.255? I can check with ifconfig.
ifconfig eth0 | grep Bcast
Some routers are configured to filter broadcast and multicast packets to prevent broadcast storm, if so, broadcast is useless.
So what are the alternatives way?
I can ping the IP one by one with a line of bash script.
The result will look like this:
--- 192.168.0.1 ping statistics ---
--- 192.168.0.2 ping statistics ---
--- 192.168.0.3 ping statistics ---
--- 192.168.0.4 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
--- 192.168.0.7 ping statistics ---
--- 192.168.0.8 ping statistics ---
--- 192.168.0.9 ping statistics ---
--- 192.168.0.10 ping statistics ---
--- 192.168.0.11 ping statistics ---
Let me explain the ping options I use, -c (count) indicates how many attempt of ping for a single IP, -W specified the timeout in second, ping will waits until timeout to declare the attempt is fail.
From the sample results, I discovered 192.168.0.5 and 192.168.0.6.
Due to the limitation of ping, I can’t specified the timeout less than 1 seconds, to scan a class C LAN, it may takes up 255 seconds, which is extremely slow.