19

What is the equivalent to:

iwlist wlan0 scan

to see who (what computers and smartphones) are around me? Maybe putting the card into monitor mode before doing it.

Quora Feans
  • 3,866

6 Answers

14

You can also install the tool fing and do a network discovery using this tool. It's available as an RPM/DEB that you can just install standalone. The makers of this tool also make FingBox, which is a mobile application for doing the same thing.

Example

$ sudo fing
20:59:54 > Discovery profile: Default discovery profile
20:59:54 > Discovery class:   data-link (data-link layer)
20:59:54 > Discovery on:      192.168.1.0/24

20:59:55 > Discovery round starting.
20:59:55 > Host is up:   192.168.1.20
           HW Address:   00:26:C7:85:A7:20 (Intel)
           Hostname:     greeneggs.bubba.net
...
...
-------------------------------------------------------------------------------
| State | Host                              | MAC Address       | Last change |
|-----------------------------------------------------------------------------|
|  UP   | 192.168.1.1                       | 00:18:51:4X:XX:XX |             |
|  UP   | 192.168.1.2                       | 00:25:22:1X:XX:XX |             |
|  UP   | 192.168.1.3                       | 00:19:D1:EX:XX:XX |             |
|  UP   | 192.168.1.4                       | 00:A0:CC:3X:XX:XX |             |
...

Don't let this tool's simplicity fool you, though. You can output the contents into CSV files as well as HTML files:

$ sudo fing -n 192.168.1.0/24 -o table,html,blah.html

Then view it:

$ elinks blah.html

(screenshot of the HTML output)

To write out the results in CSV format:

$ sudo fing -o log,text log,csv,my-network-log.csv

To discover a specific block of IPs you can explicitly tell fing what IP block to scan:

$ sudo fing -n 192.168.1.0/24

Scanning wireless APs

To see what IPs are on a given access point's (AP) network you have to actually be a participant on that network. You can, however, sit and passively listen to machines that are actively seeking out an access point. One tool that can assist with this endeavor is Kismet.

excerpt from FAQ

  1. What is Kismet

Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (devices and drivers permitting).

Kismet also sports a plugin architecture allowing for additional non-802.11 protocols to be decoded.

Kismet identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic.

NetworkManager & scanning APs

As would make sense, you can also scan for access points using NetworkManager. Actually, it's doing this automatically when you use it to manage your network devices (specifically your WiFi device).

You can query NetworkManager via the command line (nmcli) and find out what access points are available.

$ nmcli -p dev wifi list

Example

$ nmcli -p dev wifi list
==========================================================================================================================
                                                      WiFi scan list
==========================================================================================================================
SSID                              BSSID               MODE             FREQ       RATE       SIGNAL   SECURITY   ACTIVE
--------------------------------------------------------------------------------------------------------------------------
'dlink'                           XX:24:XX:DA:XX:44   Infrastructure   2462 MHz   54 MB/s    31       WEP        no
'ASUS'                            XX:AE:XX:E9:XX:33   Infrastructure   2462 MHz   54 MB/s    32       --         no
'none_of_your_business_3'         XX:46:XX:47:XX:22   Infrastructure   2437 MHz   54 MB/s    81       WPA WPA2   yes
'none_of_your_business_1'         XX:22:XX:03:XX:11   Infrastructure   2437 MHz   54 MB/s    75       WPA WPA2   no
'VR_Guest1'                       XX:46:XX:47:XX:00   Infrastructure   2437 MHz   54 MB/s    80       WPA WPA2   no

slm
  • 369,824
  • @JosephR. - thanks, you're too kind 8-) – slm Oct 19 '13 at 01:26
  • It's like nmap on steroids. I immediately downloaded the mobile version to my phone :) – Joseph R. Oct 19 '13 at 01:27
  • @JosephR. - how's that version? Believe it or not, I don't own a smartphone 8-). I still think nmap is more versatile, but fing has its places. When I'm at work our firewall will oftentimes block me if I run nmap to see what IPs are on our network; fing doesn't suffer from this. – slm Oct 19 '13 at 01:28
  • I haven't tried the CLI version yet, so I have no frame of reference. But it's a quantum leap compared to nmap from where I'm sitting. Not only is the formatting well polished, it's super fast, too. It can even send WakeOnLan packets!! My toolbelt thanks you :) – Joseph R. Oct 19 '13 at 01:30
  • @JosephR. - yes the WOL and speed are the 2 real reasons I use it all the time. It's nice for waking systems up remotely using it. Has worked for all the systems I've tried it on thus far. If you wouldn't mind sharing after a while I'd appreciate any feedback on the mobile app, it looks like the best of the ones I've seen, but again I've never actually tried any of them so it's hard to say. I like to keep a list of tools to recommend to friends when they ask for such things. – slm Oct 19 '13 at 01:33
  • Will do, hopefully :) – Joseph R. Oct 19 '13 at 08:58
  • The tool is amazing, but there is one thing that I still need. If you've got several APs around you and several devices, each connected to one of these APs, and you can connect only to one AP, how could you tell what the other devices around you (but not on your local network) are doing? Or at least, make a list of all MACs of devices around you which are using some network (but not yours). – Quora Feans Oct 19 '13 at 16:15
  • @QuoraFea - You have to be on the network in order to see the IPs that are "behind" a given AP. I believe that's what you're asking me, right? – slm Oct 19 '13 at 18:09
  • OK, I see that you cannot know much about devices if you are not connected to a network. But using wireshark, I know that I could collect packages and analyze them and 'see' that MAC 'xx:yy:...' is connecting to network 'WLAN33'. I wonder if there is a command in fing (or other cl tool) that would let me 'see' what is happening in the wlans around me, what devices are connecting to what AP. Basically, what wifi traffic is flowing around me. – Quora Feans Oct 19 '13 at 19:56
  • Take a look at Kismet: http://www.kismetwireless.net/. See my updates. – slm Oct 19 '13 at 19:59
  • @slm The fing mobile app is amazing. Even my non (computer) techie friends at work see a benefit to it. – Joseph R. Jan 18 '14 at 23:09
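The fing table above lends itself to a simple inventory check. As an added example, not from the answer or from fing's own code, here is a Python script that parses that table and reports every UP host whose MAC is not on an allowlist of devices you administer; the table rows, the allowlist and the function names are constructed and hypothetical.

```python
import re

# Constructed sample in the layout of fing's table output (MACs are made up)
FING_TABLE = """\
-------------------------------------------------------------------------------
| State | Host                              | MAC Address       | Last change |
|-----------------------------------------------------------------------------|
|  UP   | 192.168.1.1                       | 00:18:51:4A:11:22 |             |
|  UP   | 192.168.1.2                       | 00:25:22:1B:33:44 |             |
|  DOWN | 192.168.1.3                       | 00:19:D1:EC:55:66 | 15 min ago  |
|  UP   | 192.168.1.4                       | 00:A0:CC:3D:77:88 |             |
-------------------------------------------------------------------------------
"""

# Hypothetical allowlist of devices you administer, keyed by lower-case MAC
KNOWN_MACS = {
    "00:18:51:4a:11:22": "router",
    "00:25:22:1b:33:44": "nas",
    "00:19:d1:ec:55:66": "printer",
}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_fing_table(text):
    """Return (state, host, mac) tuples for every data row of a fing table."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("|") or line.startswith("|-"):
            continue  # top/bottom border and the |---| separator row
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "State":
            continue  # column header row
        state, host, mac = cells[0], cells[1], cells[2].lower()
        if MAC_RE.match(mac):
            rows.append((state, host, mac))
    return rows


def unknown_hosts(text, known=KNOWN_MACS):
    """Hosts reported UP whose MAC is not in the allowlist."""
    return [(host, mac) for state, host, mac in parse_fing_table(text)
            if state == "UP" and mac not in known]


if __name__ == "__main__":
    for host, mac in unknown_hosts(FING_TABLE):
        print(f"unknown device on the LAN: {host} ({mac})")
```

Run it against a saved copy of fing's table after each discovery round to spot a device that joined your network without your knowledge.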
2

In such situations, I usually do

nmap  192.168.x.0/24 > LAN_scan.txt

Where x should be replaced by your actual subnet. Also, /24 is meant to represent the net mask. Modify according to your LAN settings.

This should perform a port scan on your local network. It will return a list of devices connected, which ports they have opened and which services they have on the open ports, etc...

nmap can sometimes identify the OS and the hardware vendor for hosts, too.

Also, the command line above is too simplistic: nmap has many knobs you can fiddle with; consult the man page.

Joseph R.
  • 39,549
1

Use the aircrack-ng suite:

sudo airmon-ng start wlan0
sudo airodump-ng mon0

(screenshot of the output)

If you are on the same network, use nmap:

sudo nmap -sn gateway-ip/24

Hackaholic
  • 2,051
0

My go-to tool for Wi-Fi analytics is the airmon-ng suite:

airmon-ng start wlan0

And then

airodump-ng mon0

When you're done:

airmon-ng stop mon0

The cheapest, most unobtrusive way to get what you want, though, is to log into the AP and run:

iwlist ath0 peers

As an added benefit this will give you the upstream signal strength, as received by the AP, for each associated client.

Dagelf
  • 266
0

One solution is to ping the broadcast (if you have 192.168.0.N):

ping -b 192.168.0.255

0

Bear in mind that a streamlined user of Linux should use iw ;)

iw dev wlp7s0 scan

Also you can try horst:

iw dev wlp7s0 interface add mon0 type monitor
horst -i mon0

You may need to adapt this to your wireless interface.

HTH

sebelk
  • 4,389
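As an added example (not part of the answer above or of the iw project), the output of `iw dev <iface> scan` can be parsed to audit which nearby access points, your own included, still run open or WEP-only; the scan text, BSSIDs and function names below are constructed.

```python
# Constructed sample in the layout `iw dev wlp7s0 scan` prints (BSSIDs made up)
IW_SCAN = """\
BSS 00:11:22:33:44:01(on wlp7s0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: home-net
\tRSN:\t * Version: 1
BSS 00:11:22:33:44:02(on wlp7s0)
\tcapability: ESS ShortSlotTime (0x0401)
\tSSID: coffee-free
BSS 00:11:22:33:44:03(on wlp7s0)
\tcapability: ESS Privacy (0x0011)
\tSSID: old-dlink
"""


def classify(bss):
    """Security class: RSN element > WPA element > Privacy bit only (WEP) > open."""
    return ("RSN (WPA2/WPA3)" if bss["rsn"] else "WPA" if bss["wpa"]
            else "WEP" if bss["privacy"] else "open")


def parse_iw_scan(text):
    """One dict per BSS with bssid, ssid and a derived security class."""
    bss, out = None, []
    for line in text.splitlines():
        if line.startswith("BSS "):
            # a new BSS block; the BSSID is the 17 characters after "BSS "
            bss = {"bssid": line[4:21], "ssid": "",
                   "privacy": False, "rsn": False, "wpa": False}
            out.append(bss)
        elif bss is not None:
            s = line.strip()
            if s.startswith("SSID:"):
                bss["ssid"] = s[5:].strip()
            elif s.startswith("capability:"):
                bss["privacy"] = "Privacy" in s.split()  # set for WEP and WPA/RSN
            elif s.startswith("RSN:"):
                bss["rsn"] = True
            elif s.startswith("WPA:"):
                bss["wpa"] = True
    for b in out:
        b["security"] = classify(b)
    return out


def weak_aps(text):
    """(ssid, bssid, security) for every AP that is open or WEP-only."""
    return [(b["ssid"], b["bssid"], b["security"])
            for b in parse_iw_scan(text) if b["security"] in ("open", "WED".replace("D", "P"))]
```

Feed it the real scan (`sudo iw dev wlp7s0 scan`) to confirm none of your own APs still advertise WEP or no encryption at all.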