PingScan – Ping a Range of IP Addresses in Network with Linux

If you need to determine which devices are currently connected to the network, there is a simple way using the built-in ping utility running in a Linux For Loop.

Run the following command using ping in a Linux Bash For Loop

$ for i in $(seq 254); do ping -c1 -W1 10.1.1.$i & done | grep from

The output from this IPv4 example looks like this.

64 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.528 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=4.82 ms
64 bytes from 10.1.1.4: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=6.52 ms
64 bytes from 10.1.1.103: icmp_seq=1 ttl=255 time=0.295 ms
64 bytes from 10.1.1.104: icmp_seq=1 ttl=64 time=0.083 ms
64 bytes from 10.1.1.105: icmp_seq=1 ttl=64 time=0.513 ms
64 bytes from 10.1.1.106: icmp_seq=1 ttl=64 time=1.16 ms
64 bytes from 10.1.1.110: icmp_seq=1 ttl=64 time=0.485 ms

Explanation of ping parameters:

• -c1 number of ping requests (one ping for each address).
• -W1 time to wait for response (timeout)..

Instead of the Class A subnet shown above, any IPv4 class can be used in the loop, whereby after sec the corresponding number of hosts for an range can be inserted, may depending on what kind of netmask is used.

$ for i in $(seq 99 199); do ping -c1 -W1 10.1.1.$i & done | grep from
64 bytes from 10.1.1.103: icmp_seq=1 ttl=64 time=0.521 ms
64 bytes from 10.1.1.104: icmp_seq=1 ttl=255 time=0.474 ms
64 bytes from 10.1.1.105: icmp_seq=1 ttl=64 time=3.36 ms
64 bytes from 10.1.1.106: icmp_seq=1 ttl=64 time=1.37 ms
64 bytes from 10.1.1.110: icmp_seq=1 ttl=64 time=0.645 ms

  Ping sends an ICMP (Internet Control Message Protocol) echo request to a probed interface on the network and then waits for a response. After the initiator run a ping command, a ping signal is sent to a specific address. If the destination host receives the echo request, it responds by sending an echo reply packet. Here in this example ping is used to get the ICMP echo replies for a range of addresses using a For Loop applied.

Another useful alternatives to scan a subnet is to use nmap, but this tool is usually not built-in and must first be installed, if using a Debian GNU/Linux-Distribution then run sudo apt install nmap

nmap is a powerful and versatile tool to check security, but here in order not to leave the context, the command with the effect similar to ICMP echo reply results of ping works like this.

$ nmap -T5 -sP 10.1.1.1-254 | grep scan

Conclusion

This post shows how to scan whole ip subnets or ranges in a simple way without using additional tools. there are certainly many other methods and commands, we limit ourselves to a few but useful examples here, may have inspired you! which of course I’m would be happy about.