Ping sweep the network with nmap

Ping Sweep

A ping sweep is the process of pinging an entire range of network IP addresses to find out which ones are online or alive. Nmap is an excellent tool for doing this quickly and effectively. Here is the command:

$ nmap -sP 192.168.1.1-255

Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:16 IST
Nmap scan report for 192.168.1.1
Host is up (0.0079s latency).
Nmap scan report for 192.168.1.92
Host is up (0.010s latency).
Nmap scan report for 192.168.1.101
Host is up (0.000086s latency).
Nmap scan report for 192.168.1.201
Host is up (0.0010s latency).
Nmap scan report for 192.168.1.237
Host is up (0.0019s latency).
Nmap done: 255 IP addresses (5 hosts up) scanned in 25.86 seconds

The above command scanned all IP addresses from 192.168.1.1 to 192.168.1.255 and found 5 of them online. The command was run on Linux without root privileges. Note that nmap on Linux takes more time when it does not have root privileges, since it cannot create raw sockets without them. On Windows, however, there are no such restrictions and nmap is fast enough either way.

So if you are on Ubuntu, for example, always run nmap with sudo. It will be much faster and show more information:

$ sudo nmap -sP 192.168.1.1-255

Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:21 IST
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
MAC Address: 6C:FD:B9:53:6A:21 (Proware Technologies Co)
Nmap scan report for 192.168.1.92
Host is up (0.0033s latency).
MAC Address: 00:1E:58:B8:D4:69 (D-Link)
Nmap scan report for 192.168.1.101
Host is up.
Nmap scan report for 192.168.1.201
Host is up (0.0010s latency).
MAC Address: 00:1C:C0:AE:B4:19 (Intel Corporate)
Nmap scan report for 192.168.1.237
Host is up (0.0040s latency).
MAC Address: 6C:F0:49:69:C1:25 (Giga-byte Technology Co.)
Nmap done: 255 IP addresses (5 hosts up) scanned in 7.13 seconds

See the difference? Earlier it took around half a minute, now less than 10 seconds. Want to speed up the ping sweep further? Keep reading...

The "-n" option tells nmap to disable DNS resolution, which speeds up the scan further:

$ sudo nmap -sP 192.168.1.1-255 -n

Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:22 IST
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
MAC Address: 6C:FD:B9:53:6A:21 (Proware Technologies Co)
Nmap scan report for 192.168.1.92
Host is up (0.0031s latency).
MAC Address: 00:1E:58:B8:D4:69 (D-Link)
Nmap scan report for 192.168.1.101
Host is up.
Nmap scan report for 192.168.1.201
Host is up (0.00090s latency).
MAC Address: 00:1C:C0:AE:B4:19 (Intel Corporate)
Nmap scan report for 192.168.1.237
Host is up (0.0019s latency).
MAC Address: 6C:F0:49:69:C1:25 (Giga-byte Technology Co.)
Nmap done: 255 IP addresses (5 hosts up) scanned in 5.86 seconds

Check the time: it is 2 seconds less than before. Improved, but it can be made better. Use --max-rtt-timeout to speed up the scan further. Let's use a round-trip timeout of 50ms:

$ sudo nmap -sP 192.168.1.1-255 -n --max-rtt-timeout 50ms

Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:28 IST
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
MAC Address: 6C:FD:B9:53:6A:21 (Proware Technologies Co)
Nmap scan report for 192.168.1.92
Host is up (0.0029s latency).
MAC Address: 00:1E:58:B8:D4:69 (D-Link)
Nmap scan report for 192.168.1.101
Host is up.
Nmap scan report for 192.168.1.201
Host is up (0.00058s latency).
MAC Address: 00:1C:C0:AE:B4:19 (Intel Corporate)
Nmap scan report for 192.168.1.237
Host is up (0.0022s latency).
MAC Address: 6C:F0:49:69:C1:25 (Giga-byte Technology Co.)
Nmap done: 255 IP addresses (5 hosts up) scanned in 1.72 seconds

Now the scan completed in less than 2 seconds, which is quite good. With lower round-trip timeouts, accuracy may drop, since some hosts may reply after the timeout and nmap will miss their replies. However, when pinging/scanning a local area network, hosts generally reply very fast, and a very small round-trip timeout will still give accurate results. Try a timeout of 5-10ms and nmap should show the results in less than a second.
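As an added example (not code from the original post), here is a small parser for the ping-sweep output format shown above (nmap -sP, spelled -sn in newer Nmap), turning it into an inventory of live hosts and flagging any MAC address that is not in a known-asset list, which is the typical defender use of such a sweep. The sample output and the known-MAC set are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the "nmap -sP" normal-output format shown above (not a real capture).
SAMPLE_OUTPUT = """\
Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:28 IST
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
MAC Address: 6C:FD:B9:53:6A:21 (Proware Technologies Co)
Nmap scan report for 192.168.1.101
Host is up.
Nmap scan report for 192.168.1.237
Host is up (0.0022s latency).
MAC Address: 6C:F0:49:69:C1:25 (Giga-byte Technology Co.)
Nmap done: 255 IP addresses (3 hosts up) scanned in 1.72 seconds
"""

# Without -n the report line reads "hostname (ip)"; with -n it is just the IP.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
UP_RE = re.compile(r"^Host is up(?: \(([\d.]+)s latency\))?\.$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")
DONE_RE = re.compile(r"^Nmap done: \d+ IP addresses? \((\d+) hosts? up\)")

@dataclass
class LiveHost:
    ip: str
    latency_s: Optional[float] = None  # nmap omits latency for the scanning host itself
    mac: Optional[str] = None          # MAC/vendor only appear with root on the local subnet
    vendor: Optional[str] = None

def parse_ping_sweep(text):
    """Parse nmap -sP normal output into LiveHost records, cross-checking the summary line."""
    hosts, cur, reported_up = [], None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            cur = LiveHost(ip=m.group(1))
            hosts.append(cur)
        elif (m := UP_RE.match(line)) and cur and m.group(1):
            cur.latency_s = float(m.group(1))
        elif (m := MAC_RE.match(line)) and cur:
            cur.mac, cur.vendor = m.group(1), m.group(2)
        elif m := DONE_RE.match(line):
            reported_up = int(m.group(1))
    if reported_up is not None and reported_up != len(hosts):
        raise ValueError(f"nmap reported {reported_up} hosts up but {len(hosts)} were parsed")
    return hosts

def unexpected_hosts(hosts, known_macs):
    """Live hosts whose MAC is not in the known-asset set (hosts without a MAC line are skipped)."""
    return [h for h in hosts if h.mac and h.mac not in known_macs]
```

Feed it the saved output of a sudo run (so MAC lines are present) and keep the known-MAC set in your asset inventory; a host that shows up with an unknown MAC is worth a closer look.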

So have fun ping sweeping your network! If you want to learn more about nmap, check out my previous tutorials on port scanning with nmap.

Last Updated On : 16th April 2013