PenTest Tool: Ping Sweep

Ping Sweep is similar to Ping; the difference is the number of IP addresses that can be scanned. Ping Sweep is used to scan a whole network or a large number of IP addresses to find out how many hosts are live, whereas Ping is used to check a single host or IP address.

Ping Sweep and Ping both send an ICMP echo request to each host and wait for an ICMP echo reply to determine the host's status.

Ping Sweep Tools:

nmap command:

The -sP option performs host discovery only (a ping scan, with no port scan) to determine whether each host is live; in current Nmap releases -sP is an alias for -sn.

c:\Tools\nmap-7.70>nmap.exe -sP 192.168.100.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-01 11:41 Arab Standard Time
Nmap scan report for 192.168.100.1
Host is up (0.012s latency).
MAC Address: 4C:1F:CC:2B:04:C0 (Huawei Technologies)
Nmap scan report for 192.168.100.3
Host is up (0.033s latency).
MAC Address: 54:60:09:0D:2E:6E (Google)
Nmap scan report for 192.168.100.8
Host is up (0.043s latency).
MAC Address: 9A:FC:11:B6:6C:BA (Unknown)
Nmap scan report for 192.168.100.18
Host is up (0.081s latency).
MAC Address: C0:9F:05:65:13:99 (Guangdong Oppo Mobile Telecommunications)
Nmap scan report for 192.168.100.10
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 12.03 seconds


In networks where ICMP is blocked at the firewall, the command above cannot determine host status. Instead, use a TCP SYN scan (-sS) against a port that is likely to be open to determine whether the host is up.

c:\Tools\nmap-7.70>nmap -sS -p80 192.168.100.1
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-01 12:07 Arab Standard Time
Nmap scan report for 192.168.100.1
Host is up (0.0048s latency).

PORT STATE SERVICE
80/tcp open http
MAC Address: 4C:1F:CC:2B:04:C0 (Huawei Technologies)

Nmap done: 1 IP address (1 host up) scanned in 4.45 seconds

GUI Tools:

There are plenty of GUI tools that do a similar job; one of them is Ping Sweep at pentest-tools.com.

The tool calls Nmap with the proper parameters to do the sweeping. Behind the scenes, Nmap sends multiple probes to the target systems to provoke responses that suggest the hosts' liveness:

  • ICMP echo requests
  • TCP SYN on ports 80,443
  • ICMP timestamp requests
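From the defender's side, the same three probe types are what a sweep looks like in firewall logs: one source touching many distinct destinations in a short time. The following is an added example, not code from the page or from pentest-tools.com; the key=value log format, the sample lines, and the thresholds (5 hosts within 60 seconds) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall log lines (not from the page) in an assumed key=value form.
# 192.168.100.50 probes six hosts in three seconds; 192.168.100.3 is normal traffic.
SAMPLE_LOG = """\
2018-12-01T11:41:00 src=192.168.100.50 dst=192.168.100.1 proto=icmp type=8
2018-12-01T11:41:00 src=192.168.100.50 dst=192.168.100.2 proto=icmp type=8
2018-12-01T11:41:01 src=192.168.100.50 dst=192.168.100.3 proto=tcp dport=80 flags=S
2018-12-01T11:41:01 src=192.168.100.50 dst=192.168.100.4 proto=tcp dport=443 flags=S
2018-12-01T11:41:02 src=192.168.100.50 dst=192.168.100.5 proto=icmp type=13
2018-12-01T11:41:02 src=192.168.100.50 dst=192.168.100.6 proto=icmp type=8
2018-12-01T11:41:03 src=192.168.100.3 dst=192.168.100.1 proto=icmp type=8
2018-12-01T11:45:00 src=192.168.100.3 dst=192.168.100.8 proto=tcp dport=80 flags=S
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+)"
    r"(?: type=(?P<type>\d+))?(?: dport=(?P<dport>\d+))?(?: flags=(?P<flags>\w+))?"
)

def is_discovery_probe(m):
    """True for the probe kinds listed above: ICMP echo request (type 8),
    ICMP timestamp request (type 13), or a bare TCP SYN to port 80 or 443."""
    proto = m.group("proto")
    if proto == "icmp":
        return m.group("type") in ("8", "13")
    if proto == "tcp":
        return m.group("flags") == "S" and m.group("dport") in ("80", "443")
    return False

def detect_sweeps(log_text, min_hosts=5, window_seconds=60):
    """Return {src: distinct_destinations} for every source that probed at
    least min_hosts distinct hosts within any window_seconds span."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs, oldest first
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_discovery_probe(m):
            continue
        ts = datetime.fromisoformat(m.group("ts"))
        src = m.group("src")
        q = recent[src]
        q.append((ts, m.group("dst")))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()               # drop probes that fell out of the window
        distinct = {dst for _, dst in q}
        if len(distinct) >= min_hosts:
            alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts
```

Running detect_sweeps(SAMPLE_LOG) flags only 192.168.100.50 (6 distinct hosts); the two probes from 192.168.100.3 are minutes apart and never reach the threshold.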
