(Batch) Ping Sweep

Posted by keith.wirch at October 28, 2013

Category: Batch, Scripts

So we inherited this system from a department at work. The department got downsized and all documentation was GONE! When I say gone… I mean their people are gone and everything that was documented for it. We got no logins, no IP addresses, nothing. It was a VMware environment so the benefits of physical server hacking were gone.

After a while we finally were able to get administrative access. This was some wizardry by one of the other admins. My part was to discover what was on the network. Network Discovery was turned off for security reasons. So I used a hacking technique called a Ping Sweep. This ping sweep allows us to fill our ARP table on the computer and see which computers responded to the ARP request. I’m not a fan of installing random software on servers and workstations so I wanted a script. So my friend Brian and I got to work on this script. Batch scripting is not typically my favorite but it works decently well.

@echo off
cls
@color 0A
echo.
echo *********************
echo PING SWEEP
echo *********************
echo.
for /l %%a in (0,1,255) do (
 for /l %%b in (1,1,255) do (
  start ping -n 1 192.168.%%a.%%b | find "Reply"
  echo 192.168.%%a.%%b
 )

REM Used to break up the pings so as not to overload the workstation.
REM This is currently used for the 3rd octet in the IP address. Change the variable or the number to change increments.

IF %%a EQU 5 pause
IF %%a EQU 10 pause
IF %%a EQU 15 pause
IF %%a EQU 20 pause
IF %%a EQU 25 pause
IF %%a EQU 30 pause
IF %%a EQU 35 pause
IF %%a EQU 40 pause
IF %%a EQU 45 pause
IF %%a EQU 50 pause
IF %%a EQU 55 pause
IF %%a EQU 60 pause
IF %%a EQU 65 pause
IF %%a EQU 70 pause
IF %%a EQU 75 pause
IF %%a EQU 80 pause
IF %%a EQU 85 pause
IF %%a EQU 90 pause
IF %%a EQU 95 pause

IF %%a EQU 100 pause
IF %%a EQU 105 pause
IF %%a EQU 110 pause
IF %%a EQU 115 pause
IF %%a EQU 120 pause
IF %%a EQU 125 pause
IF %%a EQU 130 pause
IF %%a EQU 135 pause
IF %%a EQU 140 pause
IF %%a EQU 145 pause
IF %%a EQU 150 pause
IF %%a EQU 155 pause
IF %%a EQU 160 pause
IF %%a EQU 165 pause
IF %%a EQU 170 pause
IF %%a EQU 175 pause
IF %%a EQU 180 pause
IF %%a EQU 185 pause
IF %%a EQU 190 pause
IF %%a EQU 195 pause

IF %%a EQU 200 pause
IF %%a EQU 205 pause
IF %%a EQU 210 pause
IF %%a EQU 215 pause
IF %%a EQU 220 pause
IF %%a EQU 225 pause
IF %%a EQU 230 pause
IF %%a EQU 235 pause
IF %%a EQU 240 pause
IF %%a EQU 245 pause
IF %%a EQU 250 pause
IF %%a EQU 255 pause
)

So because I like color in my scripts, Line 3 allows you to pick your color. I like Green. Enjoy!

The script will open multiple command windows with the sole purpose of running a Ping command. You can remove the “start” command from line 11 and it will only ping one at a time. This will be very slow, but it will not bog down the workstation as much.

Which brings me to the last part of the script.  (Lines 18-70)

****WARNING****
This script is VERY processor intensive by default. Do not try to do anything else while this script is running. It will slow everything to a crawl.

This is why the last part of the script exists. Those IF statements cause the script to halt and wait for you to continue. This gives the workstation a stopping point to catch up. If these are not there, the script will just run and run until you have pinged all ranges in the Class B address. Don’t kill your workstation. Just modify the IF statements to fit your liking.

Line 11 is where you designate the first two octets of your class B.  This can be configured to a class C easily if you understand variables.  Comment if you need help doing that.
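The class C variant mentioned above, as an added example that is not part of the original post: it sweeps a single /24, pauses on its own after every batch of pings instead of using the IF ladder, and then lists the ARP entries the sweep produced. The names NET, BATCH, COUNT and MODULO and the 192.168.1 prefix are assumptions for illustration, and the "dynamic" filter assumes an English-language Windows install.

```batch
@echo off
setlocal EnableDelayedExpansion

REM Added example, not the original script.
REM NET is the first three octets of the /24 to inventory (assumed value).
REM BATCH is how many pings to launch before pausing (assumed value).
set "NET=192.168.1"
set "BATCH=32"
set /a COUNT=0

for /l %%b in (1,1,254) do (
    REM /b runs ping in this console instead of opening a new window.
    REM Output is discarded: the ARP table is read afterwards, and a host
    REM that drops ICMP still answers ARP on the local subnet.
    start "" /b ping -n 1 -w 500 %NET%.%%b >nul

    REM Every BATCH hosts, wait about 2 seconds so the pings can finish.
    set /a COUNT+=1
    set /a MODULO=COUNT %% BATCH
    if !MODULO! EQU 0 ping -n 3 127.0.0.1 >nul
)

REM Let the last batch finish before reading the table.
ping -n 3 127.0.0.1 >nul

REM ARP entries only exist for hosts on the same subnet as this machine.
REM Addresses reached through a router will not show up here.
echo Hosts on %NET%.0/24 with a dynamic ARP entry:
arp -a | findstr /l /c:"%NET%." | findstr /i "dynamic"

endlocal
```

Lower BATCH if the workstation still struggles; the sweep takes longer but never has more than that many pings in flight at once.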
