01Seed the ARP cache with a parallel ICMP sweepSWEEP▶
# Parallel ping sweep across 192.168.131.1 - 192.168.131.254
i=1
while [ $i -le 254 ]; do
(ping-c 1 -w 1 192.168.131.${i} >/dev/null 2>&1) &
i=$((i+1))
donewaitsleep 2
Command Breakdown
i=1
Initialise loop counter at the first usable host octet.
while [ $i -le 254 ]
Iterate until the broadcast address is reached. 254 stops short of .255 (the broadcast for a /24).
( ping ... ) &
Subshell launched in the background — the loop does not wait for ping to finish before launching the next one. This parallelises the sweep.
ping -c 1 -w 1
AIX ping syntax — send 1 packet, wait 1 second for a reply. -w on AIX is timeout in seconds (not deadline like on Linux).
>/dev/null 2>&1
Discard both stdout and stderr — we don't care about ping output, only the ARP side-effect.
i=$((i+1))
POSIX arithmetic increment — pure ksh, no external expr needed.
wait
Block until every backgrounded subshell finishes. Without this, the next command would race ahead of unfinished pings.
sleep 2
Allow the ARP cache to settle. Background pings can complete a few ms before their ARP entry is fully populated.
Why parallel: a serial sweep with a 1s timeout would take 4+ minutes for a /24. Backgrounding all 254 pings at once finishes in ~5 seconds and produces 254 job-control lines like [1] 14352834 as PIDs are registered, then Done / Done(1) as each completes. Done(1) = ping got no reply, Done = reply received — but you don't need to read these; the ARP table is what matters.
Use . as the field separator — splits each IP into 4 fields by octet.
+3n -4
AIX-native sort syntax. Sort starting at field offset +3 (the 4th octet) up to but not including field -4, numerically (n). AIX sort does NOT accept GNU -k4 -n style.
Read each sorted line into two variables — ip and mac — split on whitespace.
name=$(host $ip ...)
Run a reverse DNS lookup. Output of host on AIX is typically X.Y.Z.W.in-addr.arpa domain name pointer host.fqdn.
awk '/domain name pointer|name =/ {print $NF}'
Match either AIX-style (domain name pointer) or BIND-style (name =) output and extract the last field — the FQDN.
sed 's/\.$//'
Strip the trailing dot DNS appends to FQDNs.
[ -z "$name" ] && name="<no PTR>"
If no PTR record exists, the lookup returns nothing — substitute a placeholder so the column stays aligned.
printf "%-18s %-32s %s\n"
Print three left-justified columns: IP (18 chars), hostname (32 chars), MAC. Produces a clean, aligned table.
AIX gotchas: the GNU sort -t. -k4 -n form will fail with a usage error on AIX — always use the +pos -pos notation. Likewise, host may not be in stock AIX; if absent, swap it for nslookup $ip 2>/dev/null | awk '/name =/ {print $NF}' | sed 's/\.$//'.
Reading the MAC OUI prefixes: when DNS is missing, the first three octets of the MAC (OUI) often identify the device vendor — useful for triage:
• fa:16:3e → OpenStack / KVM virtual NIC
• 00:50:56 → VMware vSwitch
• b8:ca:3a → Dell
• 00:0e:11 → Dell (older / iDRAC range)
• 84:a9:38 → IBM
• e0:91:f5 → Dell EMC
• 7c:d3:0a → IEEE-allocated, varies
Note duplicate MACs at .101/.150 and the consecutive .233/.237 pair — likely the same device with two interfaces, or a VRRP/HSRP virtual address. Worth confirming with the network team before claiming either as "free".
⚠ Key Notes
Discovery scope is the local L2 segment only — ARP does not cross routers. If the VLAN spans subnets, this method only sees hosts on the same broadcast domain as the AIX box.
Hosts that block ICMP and haven't been talked to recently won't appear. Firewalled appliances and powered-off DHCP-leased addresses are invisible to this method.
Use AIX sort +pos -pos notation, NOT GNU -k — the GNU form errors out on AIX with a usage banner.
Use AIX ping -c N -w SECS — the -w flag is per-packet timeout on AIX, not deadline as on Linux.
If host is not installed, substitute nslookup in the lookup subshell.
This is a point-in-time snapshot of responsiveness, not an authoritative list of reservations. Always cross-check the IPAM / network team before claiming an address as free.
Re-run during business hours and out-of-hours if you're trying to capture intermittent or scheduled hosts.