how to find host name from IP with out login to the host

Question

i need to find the host name of a UNIX host whose IP is known with out login to that UNIX host

Answer 1

Use nslookup

nslookup 208.77.188.166 
...
Non-authoritative answer:
166.188.77.208.in-addr.arpa     name = www.example.com.

Answer 2

You can do a reverse DNS lookup with host, too. Just give it the IP address as an argument:

$ host 192.168.0.10
server10 has address 192.168.0.10

Answer 3

Another NS lookup utility that can be used for reversed lookup is dig with the -x option:

$ dig -x 72.51.34.34

; <<>> DiG 9.9.2-P1 <<>> -x 72.51.34.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12770
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;34.34.51.72.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
34.34.51.72.in-addr.arpa. 42652 IN      PTR     sb.lwn.net.

;; Query time: 4 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Fri Jan 25 21:23:40 2013
;; MSG SIZE  rcvd: 77

or

$ dig -x 127.0.0.1

; <<>> DiG 9.9.2-P1 <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11689
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.                IN      PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 10      IN      PTR     localhost.

;; Query time: 2 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Fri Jan 25 21:23:49 2013
;; MSG SIZE  rcvd: 63

Quoting from the dig manpage:

Reverse lookups -- mapping addresses to names -- are simplified by the -x option. addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for a name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively.

Answer 4

For Windows ping -a 10.10.10.10

Answer 5

• For Windows, try:

  NBTSTAT -A 10.100.3.104
  

  or

  ping -a 10.100.3.104
  

• For Linux, try:

  nmblookup -A 10.100.3.104
  

They are almost same.

Answer 6

python -c "import socket;print(socket.gethostbyaddr('127.0.0.1'))"

if you just need the name, no additional info, add [0] at the end:

python -c "import socket;print(socket.gethostbyaddr('8.8.8.8'))[0]"

Answer 7

It depends on the context. I think you're referring to the operating system's hostname (returned by hostname when you're logged in). This command is for internal names only, so to query for a machine's name requires different naming systems. There are multiple systems which use names to identify hosts including DNS, DHCP, LDAP (DN's), hostname, etc. and many systems use zeroconf to synchronize names between multiple naming systems. For this reason, results from hostname will sometimes match results from dig (see below) or other naming systems, but often times they will not match.

DNS is by far the most common and is used both on the internet (like google.com. A 216.58.218.142) and at home (mDNS/LLMNR), so here's how to perform a reverse DNS lookup: dig -x <address> (nslookup and host are simpler, provide less detail, and may even return different results; however, dig is not included in Windows).

Note that hostnames within a CDN will not resolve to the canonical domain name (e.g. "google.com"), but rather the hostname of the host IP you queried (e.g. "dfw25s08-in-f142.1e100.net"; interesting tidbit: 1e100 is 1 googol).

Also note that DNS hosts can have more than one name. This is common for hosts with more than one webserver (virtual hosting), although this is becoming less common thanks to the proliferation of virtualization technologies. These hosts have multiple PTR DNS records.

Finally, note that DNS host records can be overridden by the local machine via /etc/hosts. If you're not getting the hostname you expect, be sure you check this file.

DHCP hostnames are queried differently depending on which DHCP server software is used, because (as far as I know) the protocol does not define a method for querying; however, most servers provide some way of doing this (usually with a privileged account).

Note DHCP names are usually synchronized with DNS server(s), so it's common to see the same hostnames in a DHCP client least table and in the DNS server's A (or AAAA for IPv6) records. Again, this is usually done as part of zeroconf.

Also note that just because a DHCP lease exists for a client, doesn't mean it's still being used.

NetBIOS for TCP/IP (NBT) was used for decades to perform name resolution, but has since been replaced by LLMNR for name resolution (part of zeroconf on Windows). This legacy system can still be queried with the nbtstat (Windows) or nmblookup (Linux).

Answer 8

The other answers here are correct - use reverse DNS lookups. If you want to do it via a scripting language (Python, Perl) you could use the gethostbyaddr API.

Answer 9

If you are specifically looking for a Windows machine, try below command:

nbtstat -a 10.228.42.57

Answer 10

For minimal distros/images with only curl installed for networking utilities:

curl --write-out '%{remote_ip}' localstack:4566

produces, e.g.:

172.18.0.3

Note:

In Windows the %-symbol is a special symbol used to expand environment variables. In batch files all occurrences of % must be doubled when using this option to properly escape. If this option is used at the command prompt then the % cannot be escaped and unintended expansion is possible.

Answer 11

You can use traceroute command as well.

http://linux.die.net/man/8/traceroute

just use the traceroute it will show you the routing path with host names (IPs resolved)

Answer 12

In most cases, traceroute command works fine. nslookup and host commands may fail.