Fastest way (on windows) to convert list of hostnames into list of IPs

[davil]

Hi all,

I'm trying to convert a big list of hostnames to IPs as quick as I possibly can. At the moment I just have a PHP script pinging each machine and cutting out the garbage and writing just the ips into a text file. But this takes quite a long time especially when it hits non-pinging machines. Does anyone have a ping exe that will move on straight away if it doesn't get a reply?? or does anyone have a faster way / tool ? I could probably learn perl or python if necessary but maybe there's a PEAR class or something ?

I'll find it eventually with google but I've had no luck so far.

Any help is much appreciated.

[Jason Cooper]

use nslookup instead of ping as this will just resolve the ip address rather than trying to ping it.

[Netshroud]

Use PHP's GetHostByName function.

[davil]

Use PHP's GetHostByName function.

Thanks a bunch for that. will try that now.

[davil]

Ok i've tried that but it's still very slow. Originally I was having trouble,

i.e. Maximum execution time of 300 seconds exceeded - so I split it up into smaller chunks of about 300 ips at a time.

But I'm using the following script now:

<?php

function DavPing($host){
$output=gethostbyname($host);
return $output;
}

$handle = fopen("ips_all.txt", "w");     /THIS IS THE OUTPUT FILE

$fh = fopen("hosts.txt", 'r') or die("Couldn't open file");    // THIS IS THE INPUT FILE

$numberofhosts = count(file($myFile));

//get the data into a large string
$data = fread($fh, filesize($myFile));
fclose($fh);

$array1 = explode("\r\n", $data);

for ( $bo = 0; $bo <= $numberofhosts; $bo += 1 ) {
    $hostname=$array1[$bo];
    $theip=DavPing($hostname)."\r\n";
    if ($theip!=''){fwrite($handle,$theip);}
}

fclose($handle);

echo "COMPLETE"
?>

but it stopped after writing 700 lines with the 'Maximum execution time of 300 seconds exceeded'

I could increase to 1000 seconds and above but that's over 16 minutes!!!!!!!

There must be a quicker way to get current IP addresses for a list of 2307 hosts ??

[davil]

use nslookup instead of ping as this will just resolve the ip address rather than trying to ping it.

Thanks for that suggestion but unfortunately we're having DNS issues related to conficker. Still, I shall give it a go and see how I get on. Sorry I didn't notice your post earlier

[davil]

Nah it's still taking more than 10 minutes with nslookup, but it got 2100 done.

I'll increase the max execution time a bit more than 600seconds, but I'd imagine there's still a much faster way.

[Jason Cooper]

Thanks for that suggestion but unfortunately we're having DNS issues related to conficker.

If your DNS is slow because of conficker then that explains why your script is taking so long to run as everything will be accessing the DNS to convert the domain name to an IP address. Perhaps look at using an alternative DNS to speed things up

[davil]

Hi scraphead [edit]scrapheap even (I can't read today)[/edit]. Thanks for that. I thought we were still having DNS issues but they seem to have been resolved. It was to do with our lookup zones rather than speed though. DNS lookups seem fine speed-wise. It's just there are so many and I'm using PHP and shell_exec. Some clever coder may have done this properly in C# or something which is why I'm googling around to find said app... but still to no avail.

Thanks for your comments though

[Jason Cooper]

Here is some of my code merged with some I found on the internet to form a perl script to do the hostname lookups for you.

#!/usr/bin/perl

use strict;
use Socket;
if($#ARGV<0) { die "usage: lookupHosts <HostFile>\n"}

open FILE,"<$ARGV[0]" or die "unable to open: $ARGV[0]\n";
while(my $line=<FILE>)
{
  $line=~s/[\s\r\n]*$//;
  print "$line\t". hostname($line) ."\n";
}

sub hostname {

  my (@bytes, @octets,
    $packedaddr,
    $raw_addr,
    $host_name,
    $ip
  );

  if($_[0] =~ /[a-zA-Z]/g) {
    $raw_addr = (gethostbyname($_[0]))[4];
    @octets = unpack("C4", $raw_addr);
    $host_name = join(".", @octets);
  } else {
    @bytes = split(/\./, $_[0]);
    $packedaddr = pack("C4",@bytes);
    $host_name = (gethostbyaddr($packedaddr, 2))[0];
  }

  return($host_name);
}

[Jason Cooper]

As always in perl it is worth reading the documentation of the functions you are using the previous code will work fine but this is probably more efficient

#!/usr/bin/perl

use strict;
use Socket;
if($#ARGV<0) { die "usage: lookupHosts <HostFile>\n"}

open FILE,"<$ARGV[0]" or die "unable to open: $ARGV[0]\n";
while(my $line=<FILE>)
{
  $line=~s/[\s\r\n]*$//;
  print "$line\t". hostname($line) ."\n";
}

sub hostname {
  my ($host)=@_;
  my $packed_ip = gethostbyname($host);
  my $ip_address;
  if ($packed_ip) {$ip_address = inet_ntoa($packed_ip)}
  return($ip_address);
}

[davil]

Perl ain't my forté but I'll give it a go. Thanks again.

[Tarbizkit]

i am guessing that you are not wanting to do this from a windows machine. if you are then you could try this vb script file that uses text files to store the hostnames and the ip addresses. be sure to save this file as a vbs and also create the hostnames text file.

'set the next line to 1 to have the output entered like the following
'HOSTNAME    192.168.1.1
'otherwise leave it at 0 to only get the ip address
blnHostAndIP = 1

CONST ForReading = 1 

Set objFSO = CreateObject("Scripting.FileSystemObject") 

'Set path to input and output files.  change these to what ever you like
strHostNameFile = "C:\hostnames.txt" 
strIPOutput = "C:\ipaddresses.txt" 

'Open input log and create the output file 
strHostData = objFSO.OpenTextFile(strHostNameFile,ForReading).ReadAll 
Set objLog = objFSO.CreateTextFile(strIPOutput) 

'Create the array
arrLines = Split(strHostData,vbCrLf) 

'Step through the array
For Each strLine in arrLines
    if strLine <> "" then
        If blnHostAndIP = 0 then
            sHost = strLine
            For Each oIP in GetObject("winmgmts:").ExecQuery ("SELECT * FROM Win32_PingStatus WHERE address = '" & sHost & "'")
                strRealIP = oIP.ProtocolAddress
            Next
            objLog.Writeline strRealIP
        elseif blnHostAndIP = 1 then
    
            sHost = strLine
            For Each oIP in GetObject("winmgmts:").ExecQuery ("SELECT * FROM Win32_PingStatus WHERE address = '" & sHost & "'")
                strRealIP = oIP.ProtocolAddress
            Next
            objLog.Writeline strLine & vbtab & strRealIP

        End If 
    end if
Next 

msgbox "Done"

[davil]

No I am on windows here. so that's quite useful. especially seeing as PHP isn't always an option and I know nothing of perl. Still very slow though but at least I'm not getting any timeouts. speed issue could be a DNS thing but I'm not sure. our active directory was made by monkeys and microsoft aren't much help either. WSUS is only half working here as is our EPO agent for Mcafee Enterprise. Massive company and I'm probably the only one in I.T. who ever even heard of linux lol. I really should get my ass into a software engineering degree or something so I can finally write my own multi-threaded apps to do this sort of thing.

Thanks again for everyones help.

one last thing though.

The whole reason I'm doing this is so I can use Conficker detection tool by mcafee.

That way we can narrow down infections and run the bitdefender removal tool on said machines.

Now unfortunately the detection tool will only work by IP address and it takes too long to scan entire scopes so I was using "net view" command to get list of hostnames and then converting them to IPs using scripts above. However I know this isn't 100% as I'm sure "net view" won't give all active IPs and furthermore I need to keep running the scripts over the following weeks to get any new IPs that come on stream (laptops etc.).. So I suppose I'm wondering is there a way to query the Active Directory for a list of active IP addresses or hostnames with VBS, PHP, AutoIT,AutoHotKey or Kixtart (using WMI) as I am most familiar with these languages... or more to the point a tool that will just do all of the steps above for me to find the conficker infection where it hides.

Not that it will make a difference because even though I have the tools to kill conficker + script patches etc. and our building has its own logon script that I created so we're 100% patched + ok, there's still hundreds of computers on our companies wan and at least 50 of them out of the 2307 that I have scanned have the virus. When I tried to run scripts to kill conficker + patch against it I got a talking to from bureaucratville for rebooting computers I'm not supposed to. So to cut a very long story short, red tape will probably mean that the conficker virus here will spread even further. Microsoft's only short-term answer was to rollout a registry permission block thing which although it stops conficker spreading it also stops the other I.T. people around my WAN installing service pack 3 for XP (we're primarily XP network)

but like I said, my building is fine so why should I care? I'm doing programming work for typist wages.

Sorry about long rant. I tend to do this.