Is there a way to scan for free IPs on the network? I use nmap -sP 192.168.1.0/24
but this actually shows hosts that are up.
Nmap: find free IPs from the range
nmap
Related Topic
- How to use nmap to ping domains and get the output as domains and not IPs
- Removing new fingerprint detection message from nmap
- Nmap does not find alive hosts with ping scan
- Nmap repeats the scan to a specific port multiple time
- Linux – reliable way to detect OS of the network hosts from linux workstation
- Netstat vs nmap to find IPs in a local network
- Nmap – Resolving IP to Hostname Failures
Best Answer
Using Nmap like this is a fairly accurate way of doing what you asked, provided that some preconditions are true:
In order to get the "available" addresses, you need to get the list of addresses that Nmap reports as "down." You can do this with a simple awk command:
Summary of Nmap options used:
-v
option, Nmap will print the addresses it finds as "down" in addition to the ones that are "up".-sP
, I've substituted the newer spelling-sn
, which still accomplishes the same scan, but means "skip the port scan" instead of the misleading "Ping scan" (since the host discovery phase does not necessarily mean an ICMP Echo scan or Ping).-n
option skips reverse DNS lookups, which buys you a bit of time, since you aren't interested in names but just IP addresses.-oG
option tells Nmap to output grepable format, which is easier for awk to process. The argument "-
" tells it to send this output to stdout.The awk command then searches for "Status: Down" and prints the second field, containing the IP address.
Of course, if you have access to the switch's running configs or the DHCP server's leases, you could get this answer much more authoritatively without doing a scan that could set off security alarms.