ICMPScan 1.1

ICMPScan scans the specified address, or addresses, for ICMP responses.
  1 Screenshot
ICMPScan scans the specified address, or addresses, for ICMP responses.


icmpscan [ -EPTSNMAIRcvbn ] [ -A address ] [ -f filename ] [ -i interface ] [ -r retries ] [ -t timeout ] target [...]


-i, --interface
Listen on the specified interface. If unspecified, icmpscan will examine the routing table and select the most appropriate interface for each target address.
-c, --promisc
Put in interface into promiscuous mode. As this option increases the load on the system in general, it should only be used if spoofing of source packets address is enabled with the "-A" option.
-A, --address
Specify the source IP address of generated packets.
-t, --timeout
Specify the timeout, in milli-seconds, before retrying.
-r, --retries
Specify the number of attempts to elicit a particular ICMP response.
-f, --file
Read target list from the specified file.
-E, -P, --echo, --ping
Check of ICMP Echo responses.
-T, -S, --timestamp
Check for ICMP Timestamp responses.
-N, -M, --netmask
Check for ICMP Netmask responses.
-I, --info
Check for ICMP Info responses.
-R, --router
Check for ICMP Router Solicitation responses.
-v, --verbose
Increase the output verbosity.
-B, --debug

Target Specification

The simplest case is listing single hostnames or IP addresses on the command line. If you want to scan a subnet of IP addresses, you can append /mask to the hostname or IP address. mask must be between 0 (scan the whole Internet) and 32 (scan the single host specified). Use /24 to scan a class "C" address and /16 for a class "B". There is also a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class "B" network 192.168.*.* by specifying "192.168.*.*" or "192.168.0-255.0-255" or even "192.168.1-50,51-255.1,2,3,4,5-255". And of course you can use the mask notation: "". These are all equivalent. If you use asterisks ("*"), remember that most shells require you to escape them with back slashes or protect them with quotes.


The following example checks the first 16 addresses in the netblock for all ICMP responses. The scan speed is increased by lowering the timeout value and setting the number of retries to 1:

> icmpscan -t 500 -r 1 Echo (From!) Address Mask [] (From!) Echo Timestamp [0x03ab2db0, 0x02d4c507, 0x02d4c507] Address Mask [] Echo Address Mask []
To display failed probes, increase the output verbosity:

> icmpscan -v -- No response to Echo request -- -- No response to Timestamp request -- -- No response to Netmask request -- -- No response to Info request -- -- No response to Router Solicitation request --
Individual ICMP types can be checked for by listing their corresponding flags on the command line:

> icmpscan -v --echo --netmask Echo Address Mask []


libdnet (libdumbnet under Debian)


make install

last updated on:
August 22nd, 2007, 16:24 GMT
license type:
GPL (GNU General Public License) 
developed by:
Dave Armstrong
ROOT \ System \ Networking
Download Button

In a hurry? Add it to your Download Basket!

user rating 14



Rate it!

Add your review!