PingScan – Ping a Range of IP Addresses in Network with Linux
If you need to determine which devices are currently connected to the network, there is a simple way using the built-in ping utility running in a Linux For Loop.
Run the following command using ping in a Linux Bash
$ for i in $(seq 254); do ping -c1 -W1 10.1.1.$i & done | grep from
The output from this IPv4 example looks like this.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.528 ms 64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=4.82 ms 64 bytes from 10.1.1.4: icmp_seq=1 ttl=64 time=0.046 ms 64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=6.52 ms 64 bytes from 10.1.1.103: icmp_seq=1 ttl=255 time=0.295 ms 64 bytes from 10.1.1.104: icmp_seq=1 ttl=64 time=0.083 ms 64 bytes from 10.1.1.105: icmp_seq=1 ttl=64 time=0.513 ms 64 bytes from 10.1.1.106: icmp_seq=1 ttl=64 time=1.16 ms 64 bytes from 10.1.1.110: icmp_seq=1 ttl=64 time=0.485 ms
Explanation of ping parameters:
-c1number of ping requests (one ping for each address).
-W1time to wait for response (timeout)..
Instead of the Class A subnet shown above, any IPv4 class can be used in the loop, whereby after
sec the corresponding number of hosts for an range can be inserted, may depending on what kind of netmask is used.
$ for i in $(seq 99 199); do ping -c1 -W1 10.1.1.$i & done | grep from 64 bytes from 10.1.1.103: icmp_seq=1 ttl=64 time=0.521 ms 64 bytes from 10.1.1.104: icmp_seq=1 ttl=255 time=0.474 ms 64 bytes from 10.1.1.105: icmp_seq=1 ttl=64 time=3.36 ms 64 bytes from 10.1.1.106: icmp_seq=1 ttl=64 time=1.37 ms 64 bytes from 10.1.1.110: icmp_seq=1 ttl=64 time=0.645 ms
Ping sends an ICMP (Internet Control Message Protocol) echo request to a probed interface on the network and then waits for a response. After the initiator run a ping command, a ping signal is sent to a specific address. If the destination host receives the echo request, it responds by sending an echo reply packet. Here in this example ping is used to get the ICMP echo replies for a range of addresses using a For Loop applied.
Another useful alternatives to scan a subnet is to use nmap, but this tool is usually not built-in and must first be installed, if using a Debian GNU/Linux-Distribution then run
sudo apt install nmap
nmap is a powerful and versatile tool to check security, but here in order not to leave the context, the command with the effect similar to ICMP echo reply results of ping works like this.
$ nmap -T5 -sP 10.1.1.1-254 | grep scan
This post shows how to scan whole ip subnets or ranges in a simple way without using additional tools. there are certainly many other methods and commands, we limit ourselves to a few but useful examples here, may have inspired you! which of course I’m would be happy about.