Scanning for computers on a remote subnet

SHARE this post!

I think the ADD meds have really started to kick in. I had a problem with probably some pretty simple solutions using software but instead I used IT skills and a piece of Unix software ported to Windows.

Here is the problem. We have a computer in a remote subnet, remote city actually and we did not know anything but the city name. In the past I have used for pay type programs and I even just found a piece of freeware called Free IP Scanner (which works great) but I wanted to see what else was out there and more importantly what these tools probably do in the background.

How to Find the Subnet to Scan

First I needed to find out where this subnet was. I knew of a printer there so I just added the printer to my machine and went to properties –> ports and got the IP address of that printer ( Now I knew my subnet. I still needed to find the IP of the computer of the subnet.

I wanted to use a variation of ping on my Windows XP computer but there did not seem to be an option so instead I did a search on Google and found a Unix messageboard and a blog post talking about nmap. Nmap is not part of native windows networking built in like Ping or NSlookup, or NetStat so I had to download and install the Windows version of Nmap and that went smoothly. After the install there is a new windows program called Zenmap and in there you give parameters and it will run the code against the command line that nmap installed. Just to let you know there are a few things in addition that nmap for Windows installs including scripts and a Python interpreter to get this Unix/Linux app to work in Windows and run the commands needed. Be very aware though that nmap is for more than just scanning subnets, it can do a lot for you in terms of seeing info about all remote hosts on a subnet or a machine in particular.

Zenmap for Scanning Subnets

So now I just had to figure out what to do about how to scan the subnet. I looked at some nmap documentation and as you can see above is was as simple as putting in and although the syntax seems strange for that IP range it does work. The cool thing was that it gave me the code in a box underneath that it was going to run to get the addresses (nmap -sP -PE -PA21,23,80,3389

Scanning the Subnet

So in the box I was able to find two printers and the computer. and after I had the computer IP I just used RDP to remote to the machine and on the drop down box for the domain it gave me the computername.

This has to be the longest stretch of time that it has taken me in a long time to do an apparently simple IT task. I am sure I could have just walked over to our network guys and found the name in just a couple of minutes but that was not the goal of this exercise, I wanted to search around and find not tools and methods of getting information. This was a lot of work I guarantee to get a computer name but I love that I now have nmap to rely on and I got to flex my brain muscles a bit.


<a href="" title="My Google+ profile"></a>

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.