How to remotely find out a linux hostname without the use of DNS?

If I want to find out how the hostname of a remote linux machine on my LAN is, how can I achieve this given I don't have access via SSH etc.?

Probably depends if linux is part of a WINS domain I suppose.

Solution 1:

You'd have to specify the term hostname more closely. If you are looking for the name as it is known to the DNS server that you don't want to use - there is no way of knowing except for actually asking that DNS server.

If you are simply guessing, nmap can be of good use. For example, if there is a smbd running on that server, the output of nmap -A might look like this:

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
|_nbstat: NetBIOS name: FOOBAR, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| smb-os-discovery:
|   OS: Unix (Samba 3.5.6)
|   Computer name: foobar
|   Domain name: lan
|   FQDN: foobar.lan
|   NetBIOS computer name:
|_  System time: 2013-03-14 17:02:27 UTC+1

Other services might give hints about the name of the machine as well.

Solution 2:

In the absence of a DNS server, this might work:

traceroute 1.2.3.4

Alternatively, if the server in question is exporting Samba shares, you could do this:

smbclient -L 1.2.3.4

This depends on whether you have a working DNS server set up on your LAN that has the necessary information. If it does, this command should do what you need:

nslookup 1.2.3.4

or

host 1.2.3.4

Finally, another useful command is

arp -a

Solution 3:

Fingerd (and xinetd) are easy to set up and require no maintenance.

$ finger [email protected]
[10.3.0.3:79]

Welcome to Linux version 3.5.7-12-tryggve at tryggve.lan !
(...)