Documentation Index
Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
Use this file to discover all available pages before exploring further.
ICMP Ping Sweep
Nmap
Specific range:
Disable DNS resolution (faster):
nmap -sn -n 10.10.10.0/24
nmap -sn 10.10.10.0/24 -oG - | grep "Up" | awk '{print $2}'
fping
fping -a -g 10.10.10.0/24 2>/dev/null
| Flag | Description |
|---|
-a | Show alive hosts only |
-g | Generate target list from CIDR |
for i in $(seq 1 254); do (ping -c 1 -W 1 10.10.10.$i | grep "bytes from" &); done
CMD One-liner
for /L %i in (1,1,254) do @ping -n 1 -w 200 10.10.10.%i | find "Reply" && echo 10.10.10.%i is alive
PowerShell
1..254 | % { Test-Connection -Count 1 -Quiet -ComputerName "10.10.10.$_" -ErrorAction SilentlyContinue | ? { $_ } | % { "10.10.10.$using:_" } }
1..254 | ForEach-Object -Parallel {
if (Test-Connection -Count 1 -Quiet -ComputerName "10.10.10.$_" -ErrorAction SilentlyContinue) {
"10.10.10.$_"
}
} -ThrottleLimit 50
ARP Scan (Local Network)
More reliable than ICMP — can’t be blocked by firewall.
arp-scan
Specific interface:
Specific range:
Nmap ARP
nmap -sn -PR 10.10.10.0/24
TCP Discovery (ICMP Blocked)
When ICMP is blocked, use TCP to find live hosts.
TCP SYN on common ports
nmap -sn -PS22,80,443,445,3389 10.10.10.0/24
TCP ACK
nmap -sn -PA80,443 10.10.10.0/24
UDP Discovery
nmap -sn -PU53,161 10.10.10.0/24
Netdiscover (Passive + Active)
Active
netdiscover -r 10.10.10.0/24
Passive (Stealth)
Quick Decision
Same subnet?
├─ Yes → arp-scan -l (fastest, can't be blocked)
└─ No
├─ ICMP allowed? → nmap -sn (standard ping sweep)
└─ ICMP blocked? → nmap -sn -PS22,80,443 (TCP discovery)