Ping sweep from Windows

Courtesy of Youfoobar, here’s the best Windows command-line one-liner I’ve seen in a very long time: a ping sweep from Windows. If you’re not familiar with a ping sweep, read on. If you need to quickly scan your network to see if anyone’s added any new systems without telling you–something that only ever happens to me, right?–this tool will help you detect that, then head off those questions about why you haven’t patched and installed antivirus on that new server yet.

Ping sweep from Windows in one line

This one-liner uses a lot of Windows’ bag of tricks.

FOR /L %%i in (1,1,255) do @ping -n 1 -w 200 192.168.1.%%i | find "TTL" >> C:\Ping_Sweep_Results.txt

The FOR statement is the key here, sequencing the following command through the values 1-255. I wish I’d known that trick 12 years ago. That’s what the /L parameter and the list in parenthesis permit.

The -n and -w switches on the ping command just tell it to take one response and wait longer than usual for it. The defaults don’t always give a busy system enough time to respond, and on a workplace network, you can rest assured some of the systems will be busy.

Replace 192.168.1 with the network you want to scan.

The pipe redirection through the find command filters out any machines that don’t reply, and then the >> directs the output to a file.

A better version

If you’re willing to make the batch file longer, you can make it even more useful.

For /F "tokens=1,2,3 delims=/ " %%A in ('Date /t') do (
Set Day=%%A
Set Month=%%B
Set Year=%%C
Set All=%%A-%%B-%%C
FOR /L %%i in (1,1,255) do ping -n 1 -w 200 192.168.1.%%i | find "TTL" >> c:\pingsweep_results_%all%.txt

The extra lines allow it to append the date to the filename. Then you can run the command on a regular basis and compare against recent results. On recent versions of Windows, when you open the text file in Notepad, hit Ctrl-End to go to the end of the file, then hit Ctrl-G, you’ll get a line count. If the line count changes, then the number of machines on the network has changed.

I have the opposite of a ping sweep, converting a list of hostnames to IP addresses, if you need that too. If you find stuff like this useful, I’ve collected most of my scripting resources in a single post about scripting Windows sysadmin tasks.

One thought on “Ping sweep from Windows”

Comments are closed.