How to find unused IP Address on a network?

A fast scanner is arp-scan which uses ARP to "see" other machines on a network. It also returns the MAC address and tries to determine the manufacturer of the network adapter.

Example usage (replace wlan0 by eth0 if needed):

$ sudo arp-scan -I wlan0 192.168.1.0/24
Interface: wlan0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.6 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.10    00:90:f5:33:e2:f2       CLEVO CO.
192.168.1.254   00:14:7f:72:cd:05       Thomson Telecom Belgium

2 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.6: 256 hosts scanned in 1.406 seconds (182.08 hosts/sec).  2 responded

Note that this utility only reports machines which are powered on. ping can be blocked, but arp-scan cannot be blocked since it's necessary for a machine to interact with other machines on a network. To be sure that an IP is unused, you'd better look at your router (for static/dynamic addresses) and DHCP server (for dynamic addresses).

sudo nmap -sP -PR 192.168.0.* (or whatever your network is) will do the trick.

To install it use sudo apt-get install nmap.

Source: serverfault.com.

Just tested this, works like a charm including obscured hosts, you need to add sudo to be able to use the -PR option.

I find fping useful; among other things, it will ping a range of addresses and list which are 'alive' and which are 'unreachable'. fping is not installed by default.

sudo apt-get install fping

The simple approach is to just run it over a range of addresses.

fping -g 192.168.0.2 192.168.0.254 2>/dev/null

A bit more elaborately, to produce a list of unused IPs.

fping -g 192.168.0.2 192.168.0.254 2>/dev/null | grep 'is unreachable' | cut -d ' ' -f 1 | sort -t '.' -k 4 -n