Computer Networks/Ping/Sweep

From Wikiversity
Jump to navigation Jump to search

A ping sweep is a network reconnaissance using some type of ping (ICMP echo/reply) to locate hosts on a network. These activities will show you how to use the ping command to perform a ping sweep.

Preparation[edit]

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.

Activity 1 - Identify the Host Network[edit]

To identify the host network:

  1. Open a command prompt.
  2. Use ipconfig to display the host IP address. Note the IPv4 Address displayed.
  3. Identify the host network. For this activity, the host network will be assumed to be a 24-bit network based on the first three octets of the host IP address. For example, if the IPv4 Address is 192.168.1.101, this activity will assume that the host network is 192.168.1.0, and has potential host addresses from 192.168.1.1 through 192.168.1.254.

Activity 2 - Perform a Ping Sweep[edit]

To perform a ping sweep:

  1. From a Microsoft OS command line, Type for /l %i in (1,1,254) do ping -n 1 -w 100 <first three octets of host network>.%i. For example, if the host network is 192.168.1.0, the command would be for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i. This command instructs the computer to loop (for /l) counting from 1 by 1 to 254 (1,1,254) and execute (do) a ping command with a count (-n) of 1 and a wait (-w) time of 100 milliseconds and the given network address and changing host (%i) address. If using a bash command shell, on most Linux OS, a similar example would resemble for i in {1..25}; do ping -c 1 -W 1 10.1.1.$i ; done, where the count for ($i) would be from 1 to 25.
  2. Press Enter.
  3. Observe the results as the command sweeps the network searching for hosts.

Activity 3 - List Responding Hosts[edit]

Most systems now have a firewall in place that prevents them from responding to the ping sweep. However, they will still acknowledge the underlying Address Resolution Protocol (ARP) request that first converts their IP address into a Media Access Control (MAC) address. To list hosts that responded to the ARP request:

  1. Use arp -a to view the ARP cache.
  2. Observe the list of hosts on the network.
  3. Close the command prompt to complete this activity.

Readings[edit]

References[edit]