The equipment that is there now
A few years ago, at my home, the IP address assignment of my PC became an "unexpected" address. The cause is a portable TV. If you used a wireless LAN to connect the main unit and the display and did not connect via the wireless LAN access point, the main unit would be a wireless LAN access point, DHCP server, or router. Simply put, it's like having a wireless LAN router inside your TV. At the time of purchase, I set it to connect via my home access point, but at one point I wasn't feeling well, so when I returned to the shipping state, I returned to the direct connection mode. For this reason, there were two DHCP servers in the network, and some PCs received IP addresses from the TV. In such cases, it would be very helpful to have a tool that can enumerate the nodes in the network.
I want to enumerate the nodes in the network
In Windows, if you open the network of Explorer, you can see PCs, printers, file servers, etc. that belong to the same network. However, not all devices on the network can be displayed. Only devices accessible from Windows can be seen. For example, Chromebooks can use the SMB protocol to access shared folders published by Windows PCs, but they don't show up in Explorer. Explorer only searches for devices with a limited number of protocols. If you "display the details" of the network folder and look at the search method column, keywords such as "WSD", "SSDP", and "WCN" are lined up.
Maybe there are still SMBv1 devices. In the past, Windows used the SMBv1 protocol to search for devices in the network, but SMBv1 was abolished in Windows 10 Ver.1709 (RS3) (however, it remains if SMBv1 is used before Ver.1709). Stay on). After SMBv2, WSD (also known as Web Services for Devices or Web Services on Devices) is used to detect devices on the network.
It uses the Web Services Dynamic Discovery (WS-Discovery) protocol to search for devices that are compliant with the Devices Profile for Web Services (DPWS). Basically, Windows now finds other Windows machines and printers on the network.
SSDP is a Simple Service Discovery Protocol used by UPnP (Universal Plug and Play) to discover services on the network and their existence. WSD is used for PC detection, but SSDP is mainly used for network-compatible AV equipment such as TVs. WCN is an abbreviation for Windows Connect Now, which is a simple device discovery and setting method using WPS (Wi-Fi Protected Setup) and WSC (Wi-Fi Simple Configuration) for wireless LAN. In Windows, these are used to search for and display devices in the network, but conversely, devices that do not support them cannot be viewed from Windows Explorer.
In that case, we need a tool to actively search for devices on the network. An easy way is to use the ARP (Address Resolution Protocol) arp command, which is available on many platforms. However, it is necessary to access the corresponding address in advance, and the record is not recorded unless it is in the same network (because the mac address is not required when accessing other networks). However, once the mac address and IP address are associated with each other by ARP, they remain in the cache for a certain period of time, so devices can be listed even if communication is not possible at present. Both Windows and Linux can display the IP address and mac address stored by "arp -a".
Command to list network devices
On Windows, you can use PowerShell to list the devices in your network. To do this, use the Get-NetNeighbor command. However, since a large number of addresses are displayed, use the option (Table 01) to limit the output, or use Where-Object to extract only specific devices (for example, LinkLayerAddress is not all zero). For example, you can use "-InterfaceIndex" to display only the network devices that can be found by a specific network adapter. This value can be found with the get-net adapter command.
| ■ Table 1 Get-NetNeighbor options (partial) | |
|---|---|
| option | meaning |
| -IPAddress "address string" | Specify the IP address.Wildcards available |
| -InterfaceIndex number | Specify the network adapter by number. "-ifIndex" is also possible |
| -LinkLayerAddress "mac address string" | Specify the mac address.Wildcards available |
| -State "State" | Specify the status of devices such as Reachable |
| -AddressFamily "IPv6" or "IPv4" | Output only IPv4 or IPv6 address |
Get-NetNeighbor -ifIndex 5 | ?{ $_.LinkLayerAddress -ne "00-00-00-00-00-00" }On Linux, using the nmap command is quick and easy. For many distributions, you can install the nmap package (Windows version is also available and can be installed with winget). It can also be used from WSL on Windows, but WSL2 bridges an internal network different from that of Windows on the host side, so it takes a little longer to scan on the LAN side. If your LAN network address is 192.168.0.0/24
nmap -sn 192.168.0.0/24You can scan the network using ping. If you specify only the network address without adding any options, you can display the open ports, and you can also determine the OS and version as an option (Photo 01). Get-NetNeighbor does not need to specify the address, but in the case of nmap, it is necessary to specify the network address to be scanned.
In both cases, if the device has an IP address, it can be searched, but if UPnP is used, the information provided by the device itself can also be obtained. It is because of this function that network-compatible TVs and BD recorders display model names and icons in Explorer. Many of these devices do not respond to WSD.
On Linux, gssdp-discover in the gupnp-tools package will scan for SSDP-enabled devices in your network. However, since SSDP uses multicast, it can only be found within the same network. Since gssdp-discover does not work on WSL1 of Windows and Linux of WSL2 runs inside a virtual machine, it is a separate network from the host PC. For this reason, WSL cannot find UPnP devices with gssdp-discover. You'll need Linux running on physical hardware instead of WSL.
The UPnP tool for Windows used to be "Intel Tools for UPnP" developed by Intel, but I couldn't find it on Intel's site because the distribution stopped. When I searched the internet, there seemed to be open source ones, but I didn't have time to evaluate them properly. For the time being, Explorer will display SSDP compatible devices, so it will be somehow managed.
If devices in the same network can be listed, information collection and remote management can be performed using various network services based on this. In that sense, the network device list can be said to be the "foundation" of network management. Some devices, such as smartphones and tablets, are battery-powered and have intermittent connections, while the prices of devices that can be connected to the network are lower than in the past, but their lifespan has also been shortened. Even if there are only a few devices that are actually in operation, management using a list of devices that have been manually checked will soon be the limit even for general users.