View IP usage in the network method one: original Ping method
The first method is relatively simple and is subject to environmental constraints. It is well known that ICMP protocol packets are allowed to pass through a computer that does not have a firewall installed or set up filtering rules, so the "Ping IP Address" command allows you to see if the IP address is in use by the computer. Through "Start-run" of the taskbar, enter cmd and enter the command line mode. Assuming the corporate network is 192.168.1.0/255.255.255.0, you can ping 192.168.1.1,ping 192.168.1.2......ping 192.168 1.254来 to test whether the IP address is occupied. This approach is not possible if a firewall is installed on the computer to filter ICMP protocols, or if the ACL access control list is filtered on the corporate switch and router. Therefore, this method is more limited, the general test success rate is not high, it is easy to install the firewall of the computer corresponding to the IP address that is not used.
View IP occupancy in the network two: Scanner scanning method
Because the scanner scan is not just using the ICMP protocol to ping, you can set up, let the scanner scan several more ports, more than a few services scan. In this way, even if a firewall is installed on the computer or there is an Access Control List filtering ICMP protocol on the switch, there is no issue of under-reporting if the computer is open to certain ports or some services. The list of IP addresses scanned by the scanner can also be exported as HTML files or txt files, so as to facilitate storage and statistics. Scanner scanning allows you to view the IP addresses used by almost all computers in the network, but for those very individual firewall-setting complex rules that filter most of the common ports and common services of computers, or more or less the problem of false or false reporting, Coupled with scanner scanning method also requires us to download special tools, so it also brings inconvenience to the operation.
View IP occupancy in the network three: Sniffer monitoring method
As a network administrator we should all use sniffer, then only need to open in the network sniffer on the network transmission packets to monitor, after a period of time will find out which IP addresses have packets issued, so you can determine that the IP address has been occupied. However, the sniffer method can not be used to save the IP address to file output, and give people a sense of being overqualified, after all, sniffer orthodoxy is not used to do scanning IP address.
View IP usage in the network four: ARP caching method
The Arp caching method is based on the Ping method described earlier, it is not possible for a computer that has a firewall or set up filtering rules to ping the IP address directly, but it is important to note that although the IP address cannot be taken from the Ping's return information, But it can be seen from the ARP cache. Firewall and other filtering settings can not allow the ICMP protocol to return packets to the source address, but because the ARP is working on the two layer, so in the ICMP protocol packet was filtered before ARP has access to the network in the way the MAC address of the online host.
As long as the computer in the network wants to surf the internet, the MAC address of its NIC will be told to the switch it is connected to, and then the switch will further feed the MAC address he knows to the host using Ping. This allows the host to use the ping to know whether the IP address's computer is online by getting a MAC address.
Through "Start-run" of the taskbar, enter cmd and enter the command line mode. Assuming the corporate network is 192.168.1.0/255.255.255.0, you can ping 192.168.1.1,ping 192.168.1.2......ping 192.168 1.254来 to test whether the IP address is occupied. Of course, regardless of ping return to the pass or not, all ping after the execution of the ARP-A command to display the ARP cache table, appear in the cache table IP address is occupied address.