Simple IP Range Scan using PowerShell

I had to jump on a bunch of remote servers today that are largely unmanaged by my department.

Since it was the first time I’d needed to deal with this job, and there was no prior documentation, I needed to run a basic discovery process to see which machines were on the network. In lieu of finding, downloading, and installing an IP scan tool, I decided to give it a go using PowerShell 2.0, which is what was installed on these servers.

The network range to be scanned was a simple 192.168.0.0/24, so what I tried first was this:

1..254 | ForEach-Object {Test-Connection -ComputerName "192.168.0.$_" -Count 1 -ErrorAction SilentlyContinue}

This will at least tell me which IPs are alive, but it won’t resolve those IPs to hostnames. I discovered that several other people had the same gripe as me.

Since Test-Connection uses WMI under the covers, I decided to give the WMI-based solution a go. A bit of tweaking, and it resulted in what I needed.

Here’s the code, a classic PowerShell one-liner:

1..254 | ForEach-Object {Get-WmiObject Win32_PingStatus -Filter "Address='192.168.0.$_' and Timeout=200 and ResolveAddressNames='true' and StatusCode=0" | select ProtocolAddress*}

And here’s what it outputs:

[Image: screenshot of the command output]

More Information – MSDN: Win32_PingStatus
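
The one-liner above, wrapped as a reusable function that returns one object per responding host and saves the result to a CSV file. This is an added example, not code from the original post: the function name Get-LiveHost, its parameters and the output file name are hypothetical, and it sticks to syntax available in PowerShell 2.0.

```powershell
# Added example (not from the original post). Get-LiveHost, its parameters and
# the CSV file name are hypothetical. Uses only PowerShell 2.0 syntax.
function Get-LiveHost {
    param(
        [string]$Prefix = '192.168.0',   # first three octets of the /24
        [int]$First     = 1,
        [int]$Last      = 254,
        [int]$TimeoutMs = 200
    )

    foreach ($i in $First..$Last) {
        $ip = "$Prefix.$i"

        # Same Win32_PingStatus query as the one-liner: StatusCode=0 in the
        # filter means only successful replies come back.
        $filter = "Address='$ip' and Timeout=$TimeoutMs and " +
                  "ResolveAddressNames='true' and StatusCode=0"
        $ping = Get-WmiObject -Class Win32_PingStatus -Filter $filter `
                              -ErrorAction SilentlyContinue
        if (-not $ping) { continue }     # no reply within the timeout

        # Treat an empty name, or one that merely repeats the IP address,
        # as "reverse lookup did not produce a hostname".
        $name = $ping.ProtocolAddressResolved
        if ([string]::IsNullOrEmpty($name) -or $name -eq $ping.ProtocolAddress) {
            $name = '(unresolved)'
        }

        # PSObject + Select-Object gives a fixed column order on PowerShell 2.0.
        New-Object PSObject -Property @{
            Address        = $ping.ProtocolAddress
            HostName       = $name
            ResponseTimeMs = $ping.ResponseTime
        } | Select-Object Address, HostName, ResponseTimeMs
    }
}

# Keep a record of the discovery run so the inventory is documented.
Get-LiveHost -Prefix '192.168.0' |
    Export-Csv -Path .\live-hosts.csv -NoTypeInformation
```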

One thought on “Simple IP Range Scan using PowerShell”

  1. This is a great script and it works very fast. Can you help me figure out how to add the current user logged into the machine?
