• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
OpenTechTips

OpenTechTips

Short and Concise Guides for IT Professionals

MENUMENU
  • HOME
  • ALL TOPICS
    • Active Directory
    • Exchange
    • InfoSec
    • Linux
    • Networking
    • Scripting
      • PowerShell
    • SSL
    • Virtualization
    • Web
    • Tools
  • ABOUT
  • SUBSCRIBE
Home » Ping Sweep Without Nmap with Native Tools in Linux, Windows, macOS

Ping Sweep Without Nmap with Native Tools in Linux, Windows, macOS

November 12, 2020 - by Zsolt Agoston - last edited on November 12, 2020

Ping sweeping is a basic technique to find active hosts on a network.

You might be looking for a particular host in your infrastructure, like a network printer, or you simply want to assign a static IP to a new network host/device and want to know which IP is free to use.

Note: nowadays with stricter and stricter security rules many hosts are set to drop icmp echo-request (ping) packets. If you ping sweep to find unused addresses, after finding a suitable one ALWAYS check your arp table, as the IP might be used by a host even though the ping sweep returns with no activity from the address. Even that case the arp table will contain it's physical (MAC) address!

Use arp -n on unix and arp -a on Windows machines.

As an example, we want to scan our whole subnet: 192.168.1.0/24.

That means we need to run through all the 254 hosts, from 192.168.1.1 to 192.168.1.254, ping them and return only the addresses that were responding to our queries.

In Unix-type systems, like Linux, BSD and macOS we use the bash shell which is available in all those operating systems. When using Windows, it's cmd which is the native built-in command line utility.

A for loop iterates through all the possible host addresses, pings them and prints out the active hosts only.

Note that we use the 192.168.1.0/24 subnet with 254 hosts, but we could easily specify a bigger or smaller subnet, modifying our commands.

For example, if we want to scan 10.0.0.0/27, which is all the hosts from 10.0.0.1 to 10.0.0.30 we'd modify the for loop accordingly. We also can scan irregular ranges, not needing to cover whole subnets.

Don't forget to modify the ping command, use your specific subnet if it differs from 192.168.1.x

Bash (linux, Mac, BSD)

for i in {1..254} ;do (ping -c 1 192.168.1.$i | grep "bytes from" &) ;done
Ping Sweep Without Nmap with Native Tools in Linux, Windows, macOS

Cmd (Windows)

for /L %i in (1,1,254) do @ping -n 1 -w 100 192.168.1.%i | findstr "Reply from"
Ping Sweep Without Nmap with Native Tools in Linux, Windows, macOS

Nmap

And finally the classic Nmap command for ping sweeping

nmap -sn -T5 100 192.168.1.1-254
Ping Sweep Without Nmap with Native Tools in Linux, Windows, macOS

Enjoy 🙂

Reader Interactions

Community Questions Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Tools

Secondary Sidebar

CONTENTS

  • Bash (linux, Mac, BSD)
  • Cmd (Windows)
  • Nmap

  • Terms of Use
  • Disclaimer
  • Privacy Policy