November 19
Linux: Ping scanning without nmap
- Useful for when you don't have nmap and need to find a missing host. Pings all addresses from 10.1.1.1 to 10.1.1.254; modify for your subnet. The timeout is set to 1 sec for speed; if running over a slow connection you should raise that to avoid missing replies. This will clean up the junk, leaving just the IP address:
for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from' | cut -d' ' -f 4 | tr -d ':'; done
- Waits for all pings to complete and returns each IP with its MAC address
(prefix="10.59.21" && for i in $(seq 254); do (sleep 0.5 && ping -c1 -w1 $prefix.$i &> /dev/null && arp -n | awk ' /'$prefix'\.'$i' / { print $1 " " $3 } ') & done; wait)
- This version combines the best of the other suggestions and adds these features: (1) it scans a /16 subnet; (2) it is very fast, running the ping commands in the background, in parallel; (3) it does not use the "-W" option, as that is not available in older ping versions (I needed this for OS X 10.5).
prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done
- Not really an easier solution, but an example using && (run the next command if the last command returned 0). You can use || (run it if the last command returned something other than 0).
prefix="10.0.0" && for i in $(seq 25); do ping -c 1 $prefix.$i &> /dev/null && echo "Answer from: $prefix.$i" ; done
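The same idea as the one-liners above, written out as an added example (not one of the submitted commands): the parsing step is split off so it can be checked against a constructed sample of ping output, and the sweep runs one background ping per address, like the parallel versions, without an explicit wait. It assumes Linux ping (-W seconds); on macOS/BSD use -t instead, as noted above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Linux ping syntax.

# Print each IP that actually replied, once, reading ping output on stdin.
# Only "... bytes from <ip>:" lines are replies; error lines such as
# "From 10.1.1.1 icmp_seq=1 Destination Host Unreachable" are skipped, and
# repeated replies from the same host are collapsed.
replying_hosts() {
    awk '/ bytes from / {
        ip = $4
        sub(/:$/, "", ip)          # strip the trailing colon after the address
        if (!(ip in seen)) { seen[ip] = 1; print ip }
    }'
}

# Sweep prefix.1 .. prefix.254 with one background ping per address. The
# loop's stdout is the pipe, so replying_hosts only sees EOF once every ping
# has exited; no explicit `wait` is needed. Usage: sweep24 10.1.1 [timeout]
sweep24() {
    prefix=$1          # e.g. 10.1.1
    timeout=${2:-1}    # seconds to wait for a reply; raise on slow links
    i=1
    while [ "$i" -le 254 ]; do
        ping -c 1 -W "$timeout" "$prefix.$i" 2>/dev/null &
        i=$((i + 1))
    done | replying_hosts | sort -t . -k 4,4 -n
}

# Constructed sample (not a real capture) of what two replying hosts, one
# duplicate reply and one unreachable address look like from the loop above.
SAMPLE='PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=0.23 ms
From 10.1.1.1 icmp_seq=1 Destination Host Unreachable
64 bytes from 10.1.1.7: icmp_seq=1 ttl=64 time=0.51 ms
64 bytes from 10.1.1.5: icmp_seq=2 ttl=64 time=0.20 ms'

# Run the parser over the constructed sample; prints 10.1.1.5 and 10.1.1.7.
parse_sample() {
    printf '%s\n' "$SAMPLE" | replying_hosts
}
```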