If you want a Bash script that discovers hosts on your local network without using nmap, we can use other tools like ping for host discovery. However, without nmap, it will be more difficult and less reliable to detect open ports on each host.
The solution could be the following:
#!/bin/bash
# Define the base subnet and IP address range to monitor
subnet="192.168.1"
start=1
end=254
echo "Scanning for active hosts in the subnet $subnet.0/24..."
# Function to test connectivity with ping
ping_host() {
if ping -c 1 -W 1 $1 &> /dev/null; then
echo "$1 is up"
fi
}
# Pings all IP addresses in the defined range
for i in $(seq $start $end); do
ip="$subnet.$i"
# Run ping in the background to speed up the process
ping_host $ip &
done
# Wait for all background processes to finish
wait
echo "Scan complete."
In detail:
- Defining the subnet and IP range: Edit the
subnetvariable to reflect the first three octets of your local network and adaptstartandendto cover the range of IPs you want to scan. - Ping function: The
ping_hostfunction usepingto check the availability of a host. If the host responds to the ping, a message is printed. - Parallel execution: For each IP in the defined range, the ping is executed in the background to speed up scanning. li>
- Synchronization:
waitis used to ensure that all background processes end before declaring the scan complete.
This method is less invasive and requires no additional tools, but it is also less verbose and may not detect hosts configured to ignore ICMP (ping) packets. It also does not scan ports, as doing so without nmap would require a much more complex and less reliable approach.