List all used IP addresses in a network

nmap - Network exploration tool and security / port scanner - allows to scan an entire network and list all used or assigned IP addresses in a private network. This post shows a little example.

First we need to install:

sudo apt-get install nmap

Second we scan and list with the option -sL.

The list scan is a degenerate form of host discovery that simply lists each host of the network(s) specified, without sending any packets to the target hosts. By default, Nmap still does reverse-DNS resolution on the hosts to learn their names. .. Nmap also reports the total number of IP addresses at the end. The list scan is a good sanity check to ensure that you have proper IP addresses for your targets. ..

Replace with your broadcast IP, if you want to try it yourself.

nmap -sL > nmap.out

The output is written to the file nmap.out. It has (simplified and truncated) following lines:

tan@cinhtau:~$ cat nmap.out
Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-14 21:25 CEST
Nmap scan report for
Nmap scan report for dsldevice.home (
Nmap scan report for TanVinhsiPhone.home (
Nmap scan report for omega.home (
Nmap scan report for
Nmap scan report for pelion.home (
Nmap scan report for
Nmap done: 256 IP addresses (0 hosts up) scanned in 4.12 seconds

To get only the interesting information (IP addresses, that have host names) we can use awk with its regex capability. The regex searches simply for the term with alphabetical letters, instead of the IP address. The host name is in the fifth field and the IP address is in the last field.

tan@cinhtau:~$ cat nmap.out | awk '/Nmap scan report for [a-zA-z]/ {print $5 " " $NF}'
dsldevice.home (
TanVinhsiPhone.home (
omega.home (
pelion.home (