How to Ping Sweep / Scan the Network with Nmap

By Silver Moon | August 11, 2020

Ping Sweep

A ping sweep is the process of pinging an entire range of network IP addresses to find out which ones are online (alive).

Nmap is an excellent tool to do this quickly and effectively.

Here is the command:

$ nmap -n -vv -sn 192.168.1.1-255 -oG - | grep -i 'up'
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.5 ()    Status: Up
Host: 192.168.1.207 ()  Status: Up
# Nmap done at Tue Aug 11 17:40:08 2020 -- 255 IP addresses (3 hosts up) scanned in 10.05 seconds

The above command scanned all IP addresses from 192.168.1.1 to 192.168.1.255 and found 3 IPs online. The command was run on Linux without root privileges.

Here is a brief explanation of the options used:

"-sn" - Ping scan
"-oG" - Output in grepable format
"-vv" - Verbose output
"-n" - Do not resolve IP addresses to hostnames (speeds up the scan)
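The grep -i 'up' filter in the command above is loose: it also matches the trailing "# Nmap done ... (3 hosts up)" summary line, and would match any hostname or comment containing "up". The following is an added example, not code from the original post, that parses the grepable (-oG) format by its fields instead. The sample output is constructed for the example, not captured from a real scan; the function names up_hosts and count_up are mine.

```shell
#!/bin/sh
# Added example: extract only the hosts whose Status field is "Up" from
# nmap grepable (-oG) output, rather than grepping for the substring "up".

# Constructed sample of "nmap -n -vv -sn ... -oG -" output (not a real scan).
SAMPLE_OG='# Nmap 7.80 scan initiated Tue Aug 11 17:40:08 2020 as: nmap -n -vv -sn 192.168.1.1-255 -oG -
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.2 ()    Status: Down
Host: 192.168.1.5 ()    Status: Up
Host: 192.168.1.207 ()  Status: Up
# Nmap done at Tue Aug 11 17:40:08 2020 -- 255 IP addresses (3 hosts up) scanned in 10.05 seconds'

# up_hosts: read grepable output on stdin and print one IP address per line
# for every "Host:" record whose Status field is exactly "Up". Comment lines
# (starting with "#") and "Status: Down" records are skipped.
up_hosts() {
    awk '$1 == "Host:" && /[[:space:]]Status: Up[[:space:]]*$/ { print $2 }'
}

# count_up: number of Up hosts in the grepable output read from stdin.
count_up() {
    up_hosts | wc -l | tr -d ' '
}

# Usage: feed the sample (or a live scan) through the parser.
#   sudo nmap -n -vv -sn 192.168.1.1-255 -oG - | up_hosts
printf '%s\n' "$SAMPLE_OG" | up_hosts
```

Against the constructed sample, up_hosts prints three addresses, while grep -ic up reports four lines because the summary line is counted too.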

Note that nmap on Linux will take more time if it does not have root privileges, since it cannot create raw sockets without them. On Windows, however, there is no such restriction and nmap is fast enough.

So if you are on Ubuntu, for example, always run nmap with sudo. It will be much faster and show more information:

$ sudo nmap -n -vv -sn 192.168.1.1-255 -oG - | grep -i 'up'
[sudo] password for enlightened: 
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.3 ()    Status: Up
Host: 192.168.1.5 ()    Status: Up
Host: 192.168.1.207 ()  Status: Up
# Nmap done at Tue Aug 11 17:41:00 2020 -- 255 IP addresses (4 hosts up) scanned in 7.71 seconds

When run with root privileges using "sudo", nmap is able to scan faster.
The "-n" option tells nmap to disable DNS resolution, which speeds up the scan further.

Faster Ping Sweep

Use the --max-rtt-timeout option to speed up the scan further.
Let's use a round-trip timeout of 100ms:

$ sudo nmap --max-rtt-timeout 100ms -n -vv -sn 192.168.1.1-255 -oG - | grep -i 'up'
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.3 ()    Status: Up
Host: 192.168.1.5 ()    Status: Up
Host: 192.168.1.21 ()   Status: Up
Host: 192.168.1.207 ()  Status: Up
# Nmap done at Tue Aug 11 17:55:32 2020 -- 255 IP addresses (5 hosts up) scanned in 3.25 seconds

Now the scan completed in less than 2 seconds, which is quite good. When using lower round-trip timeouts, accuracy may drop, since some hosts may reply after the timeout and nmap won't be able to catch their replies.

However, when pinging/scanning the local area network, hosts generally reply very fast, and a very small round-trip timeout will still give accurate results.

Try using a timeout of 5-10ms and nmap should show the results in less than a second.

Conclusion

To learn more about nmap check the manual page at:
https://linux.die.net/man/1/nmap

If you want to learn more about nmap, check out this post:
Nmap Tutorial - How to Port Scan Remote Hosts

If you have any feedback or questions, let us know in the comments below.

About Silver Moon

A tech enthusiast, blogger, Linux fan and software developer. Writes about computer hardware, Linux and open source software, and coding in Python, PHP and JavaScript. He can be reached at [email protected].
