PowerShell one liner to ping sweep a range of IPv4 addresses

I was in London a couple of weeks ago on an ethical hacking training course. It was very interesting subject matter, and our instructor mentioned his increasing interest in PowerShell for scripting. It chimed with me, as I’m finding PowerShell to be a very useful technology for a wide range of tasks.

One of the useful capabilities of PowerShell is the interactive shell, and the opportunity to quickly develop scripts that automate a laborious task.

So, how can we ping a range of IPv4 addresses with minimal effort? None of the IP addresses are configured to suppress ICMP ping requests.

Your first thought might be to use Nmap. It’s certainly going to deliver the required outcome, and is likely to be fast, but it is a lot of software for a simple requirement. Surely PowerShell can achieve the same more efficiently?

Let’s look at a simple PowerShell command to carry out an ICMP ping request. The Test-Connection cmdlet provides the required functionality.

Test-Connection -ComputerName 192.168.50.20

The output is straightforward enough in tabulated format (a nice PowerShell feature):

Source        Destination     IPV4Address      IPV6Address                              Bytes    Time(ms)
------        -----------     -----------      -----------                              -----    --------
THOR          192.168.50.20                                                               32       0
THOR          192.168.50.20                                                               32       0

But the problem here is the pings are repeating, and we have more information than we really need. All I’m seeking is confirmation the host is up.

Let’s limit the pings to 1:

Test-Connection -ComputerName 192.168.50.20 -count 1

The output is in the same tabulated format:

Source        Destination     IPV4Address      IPV6Address                              Bytes    Time(ms)
------        -----------     -----------      -----------                              -----    --------
THOR          192.168.50.20                                                               32       0

We’re getting there, and the output is now limited to one response, but it is still too much information. Let’s use the quiet parameter:

Test-Connection -ComputerName 192.168.50.20 -quiet -count 1

The output is a simple True or False value.

True

Looking better. Now, is there a way of stringing this together over an IP range? Here’s the one-liner:

20..80 | % {"192.168.50.$($_): $(Test-Connection -BufferSize 2 -TTL 5 -ComputerName 192.168.50.$($_ ) -quiet -count 1)"}

The first part creates the loop over 60 values. We’ve set a low buffer size to limit network traffic, and a short TTL. Adjusting the IP address fragment and the range at the start provides customisation.

Here’s the result:

192.168.50.20: True
192.168.50.21: False
192.168.50.22: False
192.168.50.23: False
192.168.50.24: False
192.168.50.25: False
192.168.50.26: False
192.168.50.27: False
192.168.50.28: False
192.168.50.29: False
192.168.50.30: False
…

This isn’t as fast as some alternative scanners, but as a simple one-liner it works well.

There are some faster async options on TechNet if you’ve got a lot to scan.

A Python comparison

Here’s a Python alternative, using the Windows ping tool, for comparison. It’s a bit more laborious, but there’s some benefit in using ipaddress.ip_network as a network address generator.

####################################################
#
# IP Ping Sweeper, Python
# Author: Richard Gunstone <rgunstone@bcs.org.uk>
#
####################################################
import ipaddress
import subprocess

network = ipaddress.ip_network('192.168.50.0/24')
for host in network.hosts():
    ip = str(host)
    # subprocess.run() does not raise when ping exits non-zero (no reply),
    # whereas check_output() would abort the sweep at the first silent host.
    result = subprocess.run(['ping', '-n', '1', ip], stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, universal_newlines=True)
    # Windows ping prints "bytes=" only on an echo reply line.
    if "bytes=" in result.stdout:
        print(ip, "is reachable")
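
The "bytes=" check from the script above, as an added example that is not the author's code: it separates the output check from the ping call so the logic can be exercised offline, and it distinguishes a gateway's "Destination host unreachable" answer from a plain timeout. The function names and the sample outputs are assumptions constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed samples of Windows ping output (not captured from a real network).
SAMPLE_REPLY = (
    "Pinging 192.168.50.21 with 32 bytes of data:\n"
    "Reply from 192.168.50.21: bytes=32 time<1ms TTL=128\n"
)
SAMPLE_UNREACHABLE = (
    "Pinging 192.168.50.22 with 32 bytes of data:\n"
    "Reply from 192.168.50.1: Destination host unreachable.\n"
)
SAMPLE_TIMEOUT = (
    "Pinging 192.168.50.23 with 32 bytes of data:\n"
    "Request timed out.\n"
)

def classify(output):
    """Return 'up', 'unreachable' or 'no-reply' for one ping's text output."""
    # "bytes=" appears only on an echo reply line; the header line says
    # "32 bytes of data" (no equals sign), so it does not match.
    if "bytes=" in output:
        return "up"
    # A router answering on the target's behalf is not a live host.
    if "unreachable" in output.lower():
        return "unreachable"
    return "no-reply"

def windows_ping(ip):
    """Send one echo request with the Windows ping tool and return its output."""
    done = subprocess.run(["ping", "-n", "1", ip], stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, universal_newlines=True)
    return done.stdout

def sweep(cidr, ping=windows_ping):
    """Map every host address in the CIDR block to its classification."""
    network = ipaddress.ip_network(cidr)
    return {str(host): classify(ping(str(host))) for host in network.hosts()}

def fake_ping(ip):
    """Hypothetical stand-in for windows_ping so the example runs offline."""
    canned = {"192.168.50.21": SAMPLE_REPLY, "192.168.50.22": SAMPLE_UNREACHABLE}
    return canned.get(ip, SAMPLE_TIMEOUT)

if __name__ == "__main__":
    for ip, state in sweep("192.168.50.20/30", ping=fake_ping).items():
        print(ip, state)
```

Calling sweep() without the ping argument runs the real Windows ping tool against each address in the block.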