How to remotely find out a linux hostname without the use of DNS?
If I want to find out how the hostname of a remote linux machine on my LAN is, how can I achieve this given I don't have access via SSH etc.?
Probably depends if linux is part of a WINS domain I suppose.
Solution 1:
You'd have to specify the term hostname more closely. If you are looking for the name as it is known to the DNS server that you don't want to use - there is no way of knowing except for actually asking that DNS server.
If you are simply guessing, nmap can be of good use. For example, if there is a smbd running on that server, the output of nmap -A
might look like this:
Host script results:
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
|_nbstat: NetBIOS name: FOOBAR, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| smb-os-discovery:
| OS: Unix (Samba 3.5.6)
| Computer name: foobar
| Domain name: lan
| FQDN: foobar.lan
| NetBIOS computer name:
|_ System time: 2013-03-14 17:02:27 UTC+1
Other services might give hints about the name of the machine as well.
Solution 2:
In the absence of a DNS server, this might work:
traceroute 1.2.3.4
Alternatively, if the server in question is exporting Samba shares, you could do this:
smbclient -L 1.2.3.4
This depends on whether you have a working DNS server set up on your LAN that has the necessary information. If it does, this command should do what you need:
nslookup 1.2.3.4
or
host 1.2.3.4
Finally, another useful command is
arp -a
Solution 3:
Fingerd (and xinetd) are easy to set up and require no maintenance.
$ finger [email protected] [10.3.0.3:79] Welcome to Linux version 3.5.7-12-tryggve at tryggve.lan ! (...)