Prepare for your network administrators to cringe… I’ve spoken on these commands before but never really put them together in exactly this way. I wanted to find a coworker on a network, and one way to find people is to use a ping sweep. Here I’m going to royally piss off my switch admins and ping sweep the subnet:
ping 255.255.255.255
Next, I’m going to run arp to translate those IPs to MAC addresses:
arp -a
Finally, if a machine is on IPv6, it wouldn’t show up in the arp output. So I’m going to run:
ndp -a
Now, I find the hostname, then look at the MAC address, copy that to my clipboard, search for it to get the IP, and then I can flood that host with all the things. Or you could use nmap… :-/
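
The copy-the-MAC-and-search step above can also be done as a join on MAC address. This is an added example, not code from the original post: the sample output is constructed, the function names are hypothetical, and it assumes the two tables may print MAC octets with or without leading zeros, so it pads them before matching.

```python
import re
from collections import defaultdict

# Constructed sample output in the style of `arp -a` and `ndp -a`; not real captures.
ARP_SAMPLE = """\
alice-mbp.lan (192.168.1.23) at a4:83:e7:1:2:3 on en0 ifscope [ethernet]
? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""
NDP_SAMPLE = """\
Neighbor                       Linklayer Address  Netif Expire    St Flgs Prbs
fe80::1c2b:3dff:fe4e:5f60%en0  a4:83:e7:01:02:03    en0 23h58m10s S
fe80::211:22ff:fe33:4455%en0   0:11:22:33:44:55     en0 12s       R  R
fe80::aa%en0                   (incomplete)         en0 expired   N
"""
MAC_RE = re.compile(r"[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}", re.I)

def norm_mac(text):
    """Zero-pad and lowercase a MAC; None for '(incomplete)' or headers."""
    if not MAC_RE.fullmatch(text):
        return None
    return ":".join(octet.zfill(2) for octet in text.lower().split(":"))

def parse_arp(output):
    """Yield (hostname or None, ipv4, mac) for resolved unicast entries."""
    for line in output.splitlines():
        m = re.match(r"(\S+) \(([\d.]+)\) at (\S+)", line)
        mac = norm_mac(m.group(3)) if m else None
        if mac and mac != "ff:ff:ff:ff:ff:ff":
            yield (None if m.group(1) == "?" else m.group(1)), m.group(2), mac

def parse_ndp(output):
    """Yield (ipv6, mac) for resolved neighbor cache entries."""
    for fields in (line.split() for line in output.splitlines()):
        mac = norm_mac(fields[1]) if len(fields) >= 2 else None
        if mac:
            yield fields[0], mac

def inventory(arp_out, ndp_out):
    """Join both tables on MAC: {mac: {"name", "ipv4", "ipv6"}}."""
    hosts = defaultdict(lambda: {"name": None, "ipv4": [], "ipv6": []})
    for name, ip, mac in parse_arp(arp_out):
        hosts[mac]["name"] = hosts[mac]["name"] or name
        hosts[mac]["ipv4"].append(ip)
    for ip, mac in parse_ndp(ndp_out):
        hosts[mac]["ipv6"].append(ip)
    return dict(hosts)

if __name__ == "__main__":
    for mac, host in inventory(ARP_SAMPLE, NDP_SAMPLE).items():
        print(mac, host["name"] or "?", host["ipv4"], host["ipv6"])
```

Unresolved `(incomplete)` entries and the broadcast MAC are dropped, so only hosts that actually answered end up in the result.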