The Quick and Dirty (and Free!) IP Scanner
Posted: November 10, 2011 Filed under: Tid-bits | Tags: free ip scanner, ip, ip address, ip address scanner, ip scanner 1 CommentIf, on occasion, you need to scan a range of IP addresses for live devices but don’t have access to the many tools for such a task, free or otherwise, memorize this little trick and move on to more important things!
Open a command prompt and type
for /L %i in (1,1,254) do ping -n 1 xxx.xxx.xxx.%i | find “Reply” >> c:\ping.txt
Be sure to replace the x’s in the above command with the correct portion of the IP address range you want to scan.
The output below is what the command looks like when it’s running.
Real quick, here’s what the command does. It’s a for loop, as you tell. For loops repeat certain instructions while a certain condition exists.
An explanation of the format of the for command can be found by typing “for /?” at the command prompt and wading through the small book that’s dumped on your screen. I’ve included the relevant portion below.
FOR /L %variable IN (start,step,end) DO command [command-parameters]
The set is a sequence of numbers from start to end, by step amount. So (1,1,5) would generate the sequence 1 2 3 4 5 and (5,-1,1) would generate the sequence (5 4 3 2 1)
Then the ping command uses the “-n 1” switch and argument to send only one ping packet. This is useful if you don’t want to wait for the default four ping packets for each IP address. Notice that the same variable, %i, appears at the end of the IP address in the command. This variable will be replaced by the step-wise numbers in parentheses.
To figure out which IP addresses are responding, we search the output of each ping command with the “find” command, into which the ping output is piped. The find command searches for the string, “Reply,” capitalization included. You can add the forward slash capital I, /I, switch will tell the find command to be case in-sensitive when searching for the string in which case you can search for the string “reply.”
Finally, we send the output of this entire command to a text file so we can search it later. Each IP address that is alive will have a single line in the text file. If you don’t see an IP address in the text file, you can be reasonably certain that the IP address is not alive.
even cleverer is this:
for /L %v in (1,1,254) do @ping -n 1 -w 500 x.x.x.%v | find “TTL” || echo %v | find “0 ”
this returns:
10
20
30
Reply from x.x.x.31: bytes=32 time=4ms TTL=128
Reply from x.x.x.32: bytes=32 time<1ms TTL=128
..
searching for TTL is more language neutral than Reply
|| means if it's not found, do:
show me the %v, but just the ones with zero at the end