Recently I need to quickly scan the local network and find my other device's IP address. I do not have access to the access point, and my device does not report its IP so I cannot directly get what I want. But using another device (laptop specifically), I can quickly find out the IP address of that device.
Just simply do:
for ip in $(seq 1 254); do echo $ip; nmap -sP --max-retries=1 --host-timeout=10ms 10.0.0.$ip | grep "Host is up"; done
Since we are under the same network (assuming my IP is 10.0.0.xx), we will have very low latency (so we can set low timeout). And then this prints:
1 Host is up (xxxs latency). 2 3 ... 61 Host is up (xxxs latency). ... 206 Host is up (xxxs latency). ...
That means:
- 10.0.0.1 is my gateway (access point)
- 10.0.0.61 is me
- And of course the one left is 10.0.0.206, which is my device's IP
✌️