In networking and reconnaissance, a ping sweep is a network scanning method that can establish a range of IP addresses that map to live hosts. The most used tool to run a ping sweeps is fping, which traditionally was accompanied by gping to generate the list of hosts for large subnets, although the more recent version of fping includes that functionality.

Ping Sweep is also known as ICMP sweep. You can use fping command for ping sweep. This command is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. If a host does not respond within a certain time limit and/or retry limit, it will be considered unreachable.


Ubuntu / Debian and other derived distribution

sudo apt install fping

Redhat / Centos and other derived distribution

In .rpm distributions we can install fping from the source file using the below commands.

cd /tmp/
tar -xvzf fping-4.2.tar.gz
cd fping-4.2/
make && make install

Or if you want fping to support IPv6 addresses follow next steps

./configure --prefix=/usr/local --enable-ipv4 --enable-ipv6
make && make install


Check the current fping version

fping -v


fping: Version 4.0
fping: comments to

Ping Multiple hosts from command line

fping localhost

Output is alive is alive
localhost is alive is alive is alive

Ping Multiple hosts using file

fping < file.txt is alive is alive is unreachable
localhost is alive is alive is alive is alive

Ping IPs range from command line

fping -s -g

Output is alive is alive
ICMP Host Unreachable from for ICMP Echo sent to
ICMP Host Unreachable from for ICMP Echo sent to
ICMP Host Unreachable from for ICMP Echo sent to
ICMP Host Unreachable from for ICMP Echo sent to
[...] is unreachable is unreachable is unreachable is unreachable is unreachable

255 targets
2 alive
253 unreachable
0 unknown addresses

253 timeouts (waiting for a response)
1014 ICMP Echos sent
2 ICMP Echo Replies received
1008 other ICMP received

0.05 ms (min round trip time)
1.71 ms (avg round trip time)
3.37 ms (max round trip time)
12.003 sec (elapsed real time)

Ping a complete Network

Using the below command you can ping a complete network once using the option (-r 1) within the parameters. As you can easily understand you can increase this value according to your specific needs.

fping -g -r 1


Port scans and ping sweeps cannot be blocked without taking the risk to compromise the network capabilities. However, it's possible to block such requests without any difficulties at host levels. Ping sweeps can be stopped if ICMP echo and echo-reply are turned off.

Blocking Ping Sweeps on Linux System

If you are using any Linux environment along with iptables you can easily block ping sweeps on every machine connected on the network adding into your iptables configuration the following rule:

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

Blocking Ping Sweeps on Windows System

On Windows machine it's also very easy to block ping sweeps but it's a little bit longer.

  • Log into Windows using an administrator-level account.
  • Press and hold the Windows key (located between the Ctrl and Alt keys) and the "R" key.
  • Type "wf.msc" in the box (no quotation marks), and press "Enter."
  • Right-click the "inbound rules" link in the left pane, and then click "New rule" from the context menu.
  • Select the "Custom" radio button, and click "Next."
  • Select "All Programs" and click "Next."
  • Choose ICMPv4 as your protocol type, and click "Next."
  • Click the "Customize" button.
  • Choose "echo request" as the "Specific ICMP type."

Important: If you have enabled port forwarding, make sure that TCP port 445 is closed. Otherwise, the pings will still get through.