5 Replies Latest reply: Feb 17, 2017 10:18 AM by Doug Kenline RSS

    ping sweep

    Doug Kenline

      how can I ping every ip address in the vlan?

       

      I have heard of a "ping sweep" or maybe that is not the correct term

       

      where you ping successively larger packet sizes in order to find out the mtu

       

      maybe this is called path mtu discovery 

       

      and if I ping the broadcast ip address, in theory I should get a reply from every device on the lan or vlan

       

       

      but is there some way to make the router ping every possible ip address in the network....

       

      for example in a /24 network ping .1, the ping .2, then ping .3 etc all the way up to ping .254?

       

       

       

      .

        • 1. Re: ping sweep
          Doug Kenline

          and then I have this one /27 vlan

           

          block size 32

           

          if I ping the broadcast ip address of .31

           

          I get no response from anybody

           

          .....

           

          but if I sho arp I can see all 1 through 30 ip addresses and I can ping them all individually !!!!!

           

          so it seems that the ping to the broadcast ip address is perhaps not ready for primetime?

           

          or sometimes it works and sometimes it doesn't?

           

          or what you call flakey?

           

           

          .

          • 2. Re: ping sweep
            Doug Kenline

            if I put

             

            ip directed-broadcast

             

            on the interface it's still the same.....ping broadcast ip .31 and get no response

             

            .....

             

             

             

             

            .

            • 3. Re: ping sweep
              Timothy Manito

              Tried doing ping to the network and broadcast address

              Core-Switch#ping 172.24.63.0 repeat 1

              Type escape sequence to abort.

              Sending 1, 100-byte ICMP Echos to 172.24.63.0, timeout is 2 seconds:

               

               

              Reply to request 0 from 172.24.63.201, 8 ms

              Reply to request 0 from 172.24.63.111, 16 ms

              Reply to request 0 from 172.24.63.122, 16 ms

              Reply to request 0 from 172.24.63.23, 12 ms

              Reply to request 0 from 172.24.63.19, 12 ms

              Reply to request 0 from 172.24.63.152, 12 ms

              Reply to request 0 from 172.24.63.217, 12 ms

              Reply to request 0 from 172.24.63.24, 12 ms

              Reply to request 0 from 172.24.63.216, 12 ms

              Reply to request 0 from 172.24.63.15, 12 ms

              Reply to request 0 from 172.24.63.18, 12 ms

              Reply to request 0 from 172.24.63.26, 12 ms

              Reply to request 0 from 172.24.63.115, 12 ms

              Reply to request 0 from 172.24.63.25, 12 ms

              Reply to request 0 from 172.24.63.215, 12 ms

              Reply to request 0 from 172.24.63.218, 12 ms

              Reply to request 0 from 172.24.63.27, 12 ms

              Reply to request 0 from 172.24.63.10, 12 ms

              Reply to request 0 from 172.24.63.21, 12 ms

              Reply to request 0 from 172.24.63.28, 12 ms

              Reply to request 0 from 172.24.63.14, 12 ms

              Reply to request 0 from 172.24.63.16, 12 ms

              Reply to request 0 from 172.24.63.110, 12 ms

              Reply to request 0 from 172.24.63.116, 12 ms

              Reply to request 0 from 172.24.63.117, 12 ms

              Reply to request 0 from 172.24.63.29, 8 ms

              Reply to request 0 from 172.24.63.210, 8 ms

              Reply to request 0 from 172.24.63.214, 8 ms

              Reply to request 0 from 172.24.63.123, 8 ms

              Reply to request 0 from 172.24.63.112, 8 ms

              Reply to request 0 from 172.24.63.114, 8 ms

              Reply to request 0 from 172.24.63.13, 8 ms

              Reply to request 0 from 172.24.63.17, 8 ms

              Reply to request 0 from 172.24.63.120, 8 ms

              Reply to request 0 from 172.24.63.213, 8 ms

              Reply to request 0 from 172.24.63.212, 8 ms

              Reply to request 0 from 172.24.63.211, 8 ms

              Reply to request 0 from 172.24.63.11, 8 ms

              Reply to request 0 from 172.24.63.12, 8 ms

              Reply to request 0 from 172.24.63.121, 8 ms

              Reply to request 0 from 172.24.63.151, 8 ms

              Reply to request 0 from 172.24.63.22, 8 ms

              Reply to request 0 from 172.24.63.119, 8 ms

              Reply to request 0 from 172.24.63.113, 8 ms

              Reply to request 0 from 172.24.63.118, 8 ms

               

               

              Core-Switch#ping 172.24.63.255 repeat 1

              Type escape sequence to abort.

              Sending 1, 100-byte ICMP Echos to 172.24.63.255, timeout is 2 seconds:

               

               

              Reply to request 0 from 172.24.63.123, 4 ms

              Reply to request 0 from 172.24.63.117, 24 ms

              Reply to request 0 from 172.24.63.12, 16 ms

              Reply to request 0 from 172.24.63.22, 16 ms

              Reply to request 0 from 172.24.63.216, 16 ms

              Reply to request 0 from 172.24.63.13, 12 ms

              Reply to request 0 from 172.24.63.118, 12 ms

              Reply to request 0 from 172.24.63.115, 12 ms

              Reply to request 0 from 172.24.63.14, 12 ms

              Reply to request 0 from 172.24.63.15, 12 ms

              Reply to request 0 from 172.24.63.151, 8 ms

              Reply to request 0 from 172.24.63.122, 8 ms

              Reply to request 0 from 172.24.63.10, 8 ms

              Reply to request 0 from 172.24.63.218, 8 ms

              Reply to request 0 from 172.24.63.110, 8 ms

              Reply to request 0 from 172.24.63.214, 8 ms

              Reply to request 0 from 172.24.63.213, 8 ms

              Reply to request 0 from 172.24.63.111, 8 ms

              Reply to request 0 from 172.24.63.28, 8 ms

              Reply to request 0 from 172.24.63.23, 8 ms

              Reply to request 0 from 172.24.63.24, 4 ms

              Reply to request 0 from 172.24.63.25, 4 ms

              Reply to request 0 from 172.24.63.19, 4 ms

              Reply to request 0 from 172.24.63.16, 4 ms

              Reply to request 0 from 172.24.63.116, 4 ms

              Reply to request 0 from 172.24.63.29, 4 ms

              Reply to request 0 from 172.24.63.210, 4 ms

              Reply to request 0 from 172.24.63.215, 4 ms

              Reply to request 0 from 172.24.63.27, 4 ms

              Reply to request 0 from 172.24.63.26, 4 ms

              Reply to request 0 from 172.24.63.112, 4 ms

              Reply to request 0 from 172.24.63.152, 4 ms

              Reply to request 0 from 172.24.63.113, 4 ms

              Reply to request 0 from 172.24.63.212, 4 ms

              Reply to request 0 from 172.24.63.121, 4 ms

              Reply to request 0 from 172.24.63.217, 4 ms

              Reply to request 0 from 172.24.63.201, 4 ms

              Reply to request 0 from 172.24.63.119, 4 ms

              Reply to request 0 from 172.24.63.114, 4 ms

              Reply to request 0 from 172.24.63.211, 4 ms

              Reply to request 0 from 172.24.63.11, 4 ms

              Reply to request 0 from 172.24.63.120, 4 ms

              Reply to request 0 from 172.24.63.18, 4 ms

              Reply to request 0 from 172.24.63.17, 4 ms

              Reply to request 0 from 172.24.63.21, 4 ms

               

               

              For ping sweep, it is the extended ping

              Core-Switch#ping

              Protocol [ip]:

              Target IP address: 8.8.8.8

              Repeat count [5]:

              Datagram size [100]:

              Timeout in seconds [2]:

              Extended commands [n]: y

              Source address or interface:

              Type of service [0]:

              Set DF bit in IP header? [no]:

              Validate reply data? [no]:

              Data pattern [0xABCD]:

              Loose, Strict, Record, Timestamp, Verbose[none]:

              Sweep range of sizes [n]: y

              Sweep min size [36]: 100

              Sweep max size [18024]: 1000

              Sweep interval [1]:

              • 4. Re: ping sweep
                Mark Holm - 3xCCIE #34763/CCDE #2016::20

                You could use tclsh for it - something like this:

                 

                R1#tclsh

                R1(tcl)#for {set i 1} {$i < 31} {incr i}  { ping 192.168.0.$i repeat 1 timeout 1 }

                 

                This will ping from 192.168.0.1 to 192.168.0.31 and could be extended to automatically look at the IP address of a given interface and derive the IP addresses and then ping away. But that could be too complex. This can just be copy/pasted - a more advanced script would likely need to be copied to the router and run from there.

                • 5. Re: ping sweep
                  Doug Kenline

                  ok thanks guys.