Is there a way to see all the computers on a network?
I often connect to hotspots, and I have my own network. In neither case, on WinXP, do I know how to just scan the network to see which computers or shares are on that network.
I first tried in Windows XP SP3 but I don't have a "network neighborhood" so I went to the control panel but all it has is network connections which asks me to set up a network.
I just want to know what computers and shares are on the network.
Looking it up, I found a tool called softperfect network scanner but when I gave it a range of IP addresses around mine it didn't find anything which I find suspect since there were people all around me.
Can you point me in the initial direction to run a freeware tool that will just tell me which networks and shares are on the same network as I am?
Not when your wander with your ONE host to connect to a wifi hotspot. You are just one node in THEIR network.
So why do you want to hack into OTHER user's computers? If the other hosts are properly configured, you won't connect to them. If the hotspot is properly configured, no host can see any other host. Many routers can be configured to allow any host to have Internet access but none of the nodes on that router can connect to each other. Also, the wifi operator can monitor for any host attempting to scan for other hosts.
Firewalls on each host will keep out your attempt to infiltrate their host plus they get alert that someone is attempting to penetrate.
Yeah, we know you want to invade other user's hosts. None of your business. Besides, if you get caught, you are right there to be identified and the victim (either the wifi hotspot operator/owner or the host owner) can then charge you with [attempted] theft ("breaking and entering" since their host is NOT your property).
Aw, too bad. You can't infilitrate someone else's property. Is this an activity that you actually have time on which to waste? Geez, go get a game to waste your time.
Yeah, go ask your local police department as to what are their laws regarding B&E into the property of OTHER people.
Yes. Try a few command line tools. Start -> Run -> cmd net view arp -a nbtstat -n Getting the IP addresses of everything requires a program. Belarc Advisor (free version) has a nice network scanner built in. More:
Nmap will also scan for IP's in use with: nmap -w -sP 192.168.1.0/24 which will produce something like: Host 192.168.1.1 appears to be up. MAC Address: 00:16:01:97:FD:A6 (Buffalo) Host 192.168.1.11 appears to be up. Host 192.168.1.110 appears to be up. MAC Address: 00:01:E6:32:6B:0E (Hewlett-Packard Company) Host 192.168.1.120 appears to be up. MAC Address: 00:24:36:96:13:E6 (Unknown) Nmap done: 256 IP addresses (4 hosts up) scanned in 14.844 seconds
Right. My guess is that you want to attack someone's computer at a wireless hot spot but don't have a clue as to what IP address they're using. If this is the case, kindly reconsider your ethics. If not, kindly disclose what you're trying to accomplish.
Most public wireless hot spots have "AP Isolation" or some similar feature that prevents you from "seeing" any of the other users. All you can see if the internet through the default gateway. Packets do not pass between clients (unless specifically routed). The idea is to prevent casual attacks between users, such as spreading a virus. As a side benefit, it also reduces broadcast traffic.
Try "My Network Places". If you don't have this icon on your desktop, try: Control Panel -> Display -> Desktop -> Customize Desktop and check the boxes of the icons that your want to see.
Shares? Are you also looking for open shares so you can drop a friendly virus on their computer? As I previously mentioned, you might reconsider your ethics. At your present ability level, you're almost certain to make a mess. Shares can be found with the "net view" command or with "My Network Places". If you know the IP address, you can also see shared folders with: Start -> run -> cmd \\ip_address
One semi-legit purpose for "seeing" the other users is that iTunes allows a user to place the local music file into a semi-public directory. That way, if other iTunes users can "see" your computer, they can also play "your" music.
(They can't, at least not via the basic iTunes menu, save your music onto their system).
I expect this was common knowledge and probably even an advetised feature way back, but I was quite surprised when I hooked up to a public wifi system and saw a dozen sets of iTunes libraries...
Hmm. you know, I don't have a clue as to how it does its magic... All I know is that it works. (And, as I mentioned earlier, I was quite surprised, happily so, to see a dozen other iTunes libraries that I could listen to...).
Dunno. But I'm sure someone or another here will be by with the answer in a moment, and I'll feel like crawling under a rock...
Hi Jeff, You immediately seem to have the most understanding here. On my home network, with 3 computers on a router, these commands report:
C:\bin\> net view System error 6118 has occurred. The list of servers for this workgroup is not currently available
C:\bin\> arp -a No ARP Entries Found
C:\bin\> nbtstat -n LAN: Node IpAddress: [0.0.0.0] Scope Id: [] No names in cache WAN: Node IpAddress: [10.20.30.200] Scope Id: [] NetBIOS Local Name Table Name Type Status --------------------------------------------- BORONA UNIQUE Registered BORONA UNIQUE Registered OFFICE GROUP Registered
In summary, these commands won't find my computers on the network let alone anyone else trying to break into my network (which is what I'm watching out for). I'll try the other suggested programs and report back.
In the meantime, my main question is that I don't understand why these commands don't even show my own computers connected to my own network?
One good way to watch for intrusion is to use something like WallWatcher to collect, view, and analyze your router logs.
If your router's ability to log is compatible with WW's ability to collect then the viewing and analysis is made much more interpretable by WW's organization and graphical display of the data.
Otherwise router logs would be mind-numbing.
formatting link
collects, displays, and analyzes log information from more than 135 Routers and firewalls
If you are interested in investigating any problems with network interference in your area (or rogue access points) something like NetStumbler might help you
You have file and print sharing disabled on your unspecified operating system. I'm assuming Windoze XP SP3.
Your network may be broken. At a minimum, it should show the MAC and IP address of your unspecified maker and model internet router. For example, on my system, I now see:
C:\>arp -a Interface: 192.168.1.11 --- 0x3 Internet Address Physical Address Type 192.168.1.1 00-16-01-97-fd-a6 dynamic 192.168.1.122 00-00-00-00-00-00 invalid The last line is my iPod Touch, which I turned off just before running the command.
Very strange. Your LAN is disconnected and you have a WAN connection using a non-routeable IP address. That means you probably have your computah plugged directly into a cable, DSL, or wireless modem. That works, but you're not going to see the rest of your ISP's customers machines. The router at the ISP is always configured to prevent this. Nice try. Your LAN related command will work when you get a LAN.
Also, compare your output with mine. See anything different?
C:\>nbtstat -n Local Area Connection 4: Node IpAddress: [192.168.1.11] Scope Id: [] NetBIOS Local Name Table Name Type Status -------------------------------------------- CHOLESTEROL3 UNIQUE Registered WORKGROUP GROUP Registered CHOLESTEROL3 UNIQUE Registered WORKGROUP GROUP Registered WORKGROUP UNIQUE Registered ..__MSBROWSE__. GROUP Registered
Note the MSBROWSE with means Windoze discovery service is working.
20 is File Server Service, which suggests that file sharing is enabled. I'm not sure why 'net view' would fail if it's really enabled. Firewall rules problem? Virus? Key Logger? Hard to tell from here. IE and ID are Browser Service Election, which means that since I only have one machine on at this time, it gets to play Master Browser for "view network neighborhood". There's quite a bit of interesting stuff under nbtstat:
I had rather hoped that you would do some Google searching for the details behind the commands. If you want it delivered on a silver platter, $75/hr is my consulting rate. Paypal to the address in the signature.
You might consider answering my previous questions before asking any more. I'll make it easy for you:
What do mean by "see"? What information do you want?
What are you trying to accomplish?
Why are you trying to hack computers that do not belong to you in a coffee shop?
Add one more. What do you have for hardware, how is it configured (IP layout), and where is the wireless in the puzzle?
I first installed the netstumbler, which, as documented, nicely turned off the wireless zero configuration (WZC) so that I can't accidentally connect.
It showed me muuuch more than I though I had in my wireless area - but it did NOT show me anything about my own internal network which is the information I'm after. It's looking in the wrong direction.
BTW, accidentally, using netstumbler, I did fortuitously notice my Linksys WRT54G router and another router on a nearby channel (but with a different MAC address) both had "linksys" as the router names! I had left mine at the default; apparently so did one of my neighbors! Who knows who was connecting to whom!
So that was amazing as a start that perhaps I've accidentally been connecting to the wrong router! I would never have known that if I hadn't tried your suggestion. Thanks.
FWIW, I promptly changed my router name to "wrt54g" so that I could tell the difference between my router and my neighbors and I wrote down my router's MAC address from netstumbler which I hadn't known prior - so it wasn't a total waste to install and test it out. Thanks for the pointer (but I'm not trying to find networks I can connect to ... I'm trying to find networks that are connecting to me).
As for Wallwatcher, I'll try that next.
I had never turned on the logs for the Linksys WRT54G (don't know how) but I will look that up first and try that so see if it shows someone connecting to my network and report back.
Because I want to know if anyone else is connecting to my network.
So I first looked to see what computers were on my network (of which I have a few in the house).
I couldn't even see my own computers on my own network, let alone someone elses' computer breaking into my network.
So, if I could see my own computers on my own network, that would be the first step. The second step would be to see if a rougue (to use a term you guys seem to use) to see if a rougue computer was attaching to my network.
NOTE: So far I tested "net view" "arp -a" and "nbstate -n", none of which can see the other computers that I know are on my network because they are my own computers. I'll keep digging given the hints Jeff and Mike provided and report back the results when I can finally see my own computers on my own network.
Hi Jeff, Yes, it's Windows XP SP3. With a Linksys WRT54G wireless router.
Hmmm... maybe the netstumbler test messed things up. I rebooted everything, first the ISP, then the routers, then the computers.
Here's what I now get:
Microsoft Windows XP [Version 5.1.2600] C:\bin> arp -a
Interface: 10.20.30.200 --- 0x3 Internet Address Physical Address Type 10.20.30.40 00-16-b6-53-23-95 dynamic
I'm not trying to see their machines. I'm just trying to see MY machines. And, if it exists, I'm trying to see if any additional "rogue" machine is connecting to MY network.
Re-running the nbtstat -n, I get:
C:\bin> nbtstat -n
LAN: Node IpAddress: [0.0.0.0] Scope Id: [] No names in cache WAN: Node IpAddress: [10.20.30.200] Scope Id: [] NetBIOS Local Name Table Name Type Status --------------------------------------------- BORONA UNIQUE Registered BORONA UNIQUE Registered OFFICE GROUP Registered
Yes, I see you have MSBROWSE (as you noted) and I do not. Both of us have the "20 File Server Service" which shows file sharing is enabled.
I re-ran "net view" without the freeware software firewall but got the same results. C:\bin> net view System error 6118 has occurred. The list of servers for this workgroup is not currently available
A: I just want to see my own computers and, only if a rogue computer is also connecting to my home network, I want to see that.
A: I want to know if/when a rogue computer connects to my network.
A: I was trying to ask the more general question which is to see what computers are connecting to me no matter what network I am on.
I have 4 Windows XP SP3 computers tied to a simple home network with a Linksys WRT54G wireless router as the common point.
I have some networking skills (not much, but some) so I've long ago modified the router settings to not have the standard IP address (not
192.168.1.1 for example). I turned off DNS caching services (because of thrashing due to a large hosts file) but I've not implemented MAC filtering.
I am having trouble experimenting with nmap (am debugging something called winpcap) will report back when I get it running.
Fuller wrote in news:i27h3s$a8t$ snipped-for-privacy@tioat.net:
If you think you are going to be able to 'see' everything from one computer, you are wrong.
The only way to do that would be to read the link Navas posted, and then buy or setup some packet sniffer thing that automatically looks for 'suspicious' packets.
That would involve putting a *HUB* between your modem and the rtr, as a 'switch' most likely allow proper sniffing of everything.
You have a NAT rtr. If no ports are mapped to an inside PC, there's virtually no chance that anyone from the outside will be able to get inside w/o already being inside, as in through a spyware/malware/trojan infected PC.
As for the wireless, use the latest authentication and encryption protocol.
If you're really into monitoring, there are tons of SNMP based tools for monitoring your WRT54G. The catch is that you'll need to install alternative firmware in your WRT54G that supports logging and SNMP (such as DD-WRT). See MRTG, PRTG, RRDTool, etc.
Sorry, but I really don't want continue guessing your network topology and equipment. Y'er on your own for why common diagnostic commands do not work on your machine.
Note the weird -g syntax for the range of IP addresses. Change the address range to match your network.
C:\>fping -g 192.168.1.1/192.168.1.254
Fast pinger version 2.16 (c) Wouter Dhondt
formatting link
multiple hosts with 32 bytes of data every 1000 ms: Reply[1] from 192.168.1.1: bytes=32 time=1.2 ms TTL=64 Reply[2] from 192.168.1.2: bytes=32 time=2.9 ms TTL=255
192.168.1.3: request timed out
192.168.1.4: request timed out
192.168.1.5: request timed out
192.168.1.6: request timed out
192.168.1.7: request timed out
192.168.1.8: request timed out (...)
You can remove the timeouts from the output with: fping -g 192.168.1.1/192.168.1.254 | find "Reply" and to speed things up a bit (from 1 sec to 0.5 sec): fping -t 500 -g 192.168.1.1/192.168.1.254 | find "Reply" You'll have to wait for all 254 pings to finish to see the output.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.