Ping Sweep

Detect live hosts within a range of IP addresses

Sample Report | Use Cases | Technical Details

Sample Report

Here is a Ping Sweep sample report:

  • Shows the hosts which are live/up on the given IP range
  • Includes reverse DNS information for each IP

Download Sample Report

Sample report

Ping Sweep - Use Cases

Enables you to see which IPs are 'live' within a given network range. Behind a 'live' IP there is a running server or workstation.

Perimeter Mapping

By seeing which hosts are live in a network range, you can map the perimeter of an organization and plan the pentesting work.

Work Estimation

This tool helps you estimate the security assessment effort for an organization by showing how many servers and workstations are reachable from the Internet.

Asset Inventory

You can use this tool to perform an asset inventory against your own network ranges. Detect old systems which should be updated or decomissioned.

Technical Details


Use this tool to discover which IPs are 'live' within a given network range. Behind a live IP there is a running server or workstation that responds to requests sent over the network.

Finding all live hosts within a network range is necessary in a penetration test for determining the complete attack surface of the client organization. Furthermore, this helps to estimate the effort for the whole project and is needed for concentrating the testing only to the live hosts.


Parameter Description
IP range The range of IP addresses that will be sweeped. Maximum 256 IP addresses can be sweeped in a row. The range can be specified in CIDR notation ( or IP range (
Do reverse DNS When this option is enabled, the tool will try to find the DNS name associated with each live IP address. Names are useful because they usually suggest the functionality of the system.

How it works

The tool calls Nmap with the proper parameters in order to do the sweeping. Behind the scene, Nmap sends multiple probes to the target systems to provoque responses which could suggest the hosts' liveness:
  • ICMP echo requests
  • TCP SYN on ports 80,443
  • ICMP timestamp requests