What is a Ping Sweep?

A ping sweep, also called an Internet Control Message Protocol (ICMP) sweep, is a diagnostic technique used in computing to see what range of Internet Protocol (IP) addresses are in use by live hosts, which are usually computers. It is usually used to tell where active machines are on a network, and is sometimes utilized by a system administrator for diagnosing a network issue. Ping sweeps are also used by computer hackers, those seeking to break into a network, to see what computers are active so they know where to concentrate their attacks.

The word ping originated from sonar technology. It is the common way submarines work to detect bodies in water. A sound packet is sent out and if there is an object in the way, the sound packet comes back, and is usually picked up as a “pinging” sound when received.

In computer technology, the single ping is sent using an ICMP echo request. The packet is sent to a specific IP address and if that address is active, it will send back notification. Ping requests also offer other information, such as how long the signal took to get back as well as if there was any packet loss. A variety of commands that can be added to the ping request, so it can also send back much more information.

Multiple ICMP echo packets are sent to multiple hosts during a ping sweep. If a host is active then it will return the ICMP echo request. The request is a bit more complicated than a single ping, and specialized versions of the ping utility will typically be used. One of the most well-known ping sweep utilities is called Fping. It works differently than a single ping utility, like the one that is built into all Windows® operating systems.

Unlike a single ping request, Fping can utilize a list of addresses from a file so the user doesn’t have to manually enter in each address. It also works in a round-robin fashion, and once it pings one host, it moves onto the next one without waiting. Fping is meant to be used in a script for ease of use, unlike the single ping request program.

Unfortunately, the bulk of those who use a ping sweep are hackers. They use it to check large networks so they know where to focus their efforts. Hackers can also slow down traffic on a network if they continually ping addresses. Many network systems have ways of blocking this type of traffic, but the easiest way is to disable ICMP packets. If a system administrator needs to do a ping sweep, he could simply re-enable ICMP packets temporarily. Ping sweeps are considered older and slower technology, and they are not in use as much as in the past.