A ping scan, also called an Internet Control Message Protocol (ICMP) scan, is a diagnostic technique used in computing to see what range of Internet Protocol (IP) addresses are being used by active hosts, which are typically computers. It is often used to report where active machines are on a network, and is sometimes used by a system administrator to diagnose a network problem. Ping scans are also used by hackers, those looking to enter a network to see which computers are active and where to focus their attacks.
An IP address is pinged to see if it is active.
The word ping originated from sonar technology. It is the common way submarines work to detect bodies in the water. A sound packet is sent, and if there is an object in the way, the sound packet returns and is usually picked up as a “ping” sound when received.
In computer technology, the single ping is sent using an ICMP echo request. The packet is sent to a specific IP address, and if that address is active, it will send a notification. Ping requests also provide other information, such as how long it took for the signal to return and whether there was packet loss. A variety of commands that can be added to the ping request, so you can send a lot more information too.
Multiple ICMP echo packets are sent to multiple hosts during a ping scan. If a host is up, it will return the ICMP echo request. The request is a bit more involved than a single ping, and specialized versions of the ping utility will usually be used. One of the most popular ping scanning utilities is called Fping. It works differently than a single ping utility like the one that is built into all Windows® operating systems.
Unlike a single ping request, Fping can use a list of addresses from a file so the user does not have to manually enter each address. It also works on a round-robin basis and once you ping one host, it moves on to the next without waiting. Fping should be used in a script for ease of use, unlike the single ping request program.
Unfortunately, most of those who use a ping scan are hackers. They use it to scan large networks to know where to focus their efforts. Hackers can also slow down traffic on a network by continually pinging addresses. Many network systems have ways to block this type of traffic, but the easiest way is to disable ICMP packets. If a system administrator needs to do a ping scan, they can simply re-enable ICMP packets temporarily. Ping scans are considered older and slower technologies and are not used as much as they were in the past.
