Scan IP range using ping

IP scanner for the poor ones Zwinkerndes Smiley

Just open up a cmd.exe and change the ip range..

C:\>FOR /L %x in (1,1,255) do ping -n 1 192.168.2.%x | find /I "reply" >> c:\temp\pingresult.txt

The above command uses a FOR loop to ping each device and looks for "Reply" in the output. If there is a "Reply" then the host is up.. Results will be written to C:\temp\pingresults.txt

Or the PowerShell version:

C:\> 1..255 | foreach-object { (new-object System.Net.Networkinformation.Ping).Send("192.168.2.$_") } | where-object {$_.Status -eq "success"} | select Address


At first glance the results are very similar and you would think, "Why all the extra typing? The second command is 2.5 times longer!" The big difference between the standard windows command line and powershell is that the latter uses objects, which gives a lot of power…in our shell. Not let’s see how it works…

In the above command the range operator (..) generates a list of the numbers 1 through 255. The cool thing is you don’t have to use just a single range, you can string them together like this (1..5),7,(9..10) which would give you the numbers 1-10 skipping 6 and 8.

foreach-object { (new-object System.Net.Networkinformation.Ping).Send("10.10.10.$_") }

The foreach-object takes the numbers fed into the pipeline and operates on them one at a time. First, it creates a new ping object and then calls the send method. The parameter given to the send method is a string concatenation of 10.10.10. and the number from $_, which is the "current pipeline object." The $_ variable in our example will contain the numbers 1-255.

where-object {$_.Status -eq "success"}

The output of the send method is the PingReply object which contains a status. We can filter the results only successful pings reply objects will be sent further down the pipeline.

Select Address
Finally, all we care about is the address so that is the only piece we have displayed.

Now that we know how it works, let’s pimp out our powershell version.

First, we don’t have to just use a contiguous set of numbers. If we wanted to scan all ip address before, after and we could use this:
(1..99),(200..255),155 | foreach-object ….
We can use the results to feed into other commands. You can ping sweep an entire subnet and have it automatically do an nslookup, attempt to list the contents of the c$ share, and tell you that you are doing a good job (a little positive reinforcement never hurts).

PS C:\>1..255 | foreach-object { (new-object System.Net.Networkinformation.Ping).Send("10.10.10.$_") } | where-object {$_.Status -eq "success"} | foreach-object { nslookup $_; gci "\\$($_.Address)\c$"; echo "Good Job" }

The ping sweep can be sped up by setting a timeout value (in milliseconds). In the example below we set the timeout value to 100ms.

… (new-object System.Net.Networkinformation.Ping).Send("10.10.10.$_", 100) …