Overview
fping is a lightweight command-line utility that sends ICMP echo requests to multiple hosts in parallel, making it significantly faster than traditional ping for network scanning and host discovery. It’s ideal for quickly identifying active hosts on networks and network segments.
Installation
On Linux (Debian/Ubuntu)
# Install from package manager
sudo apt-get update
sudo apt-get install fping
# Verify installation
fping --version
On Fedora/RHEL
# Install fping
sudo dnf install fping
# Verify
fping --version
On macOS
# Using Homebrew
brew install fping
# Verify installation
fping --version
Building from Source
# Clone repository
git clone https://github.com/schweikert/fping.git
cd fping
# Build and install
./configure
make
sudo make install
# Verify
fping --version
Basic Ping Operations
Single Host Ping
# Ping a single host
fping google.com
# Ping specific IP address
fping 8.8.8.8
# Ping with timeout (milliseconds)
fping -t 500 google.com
# Ping with custom wait time between packets
fping -i 10 google.com
Multiple Hosts
# Ping multiple hosts
fping google.com yahoo.com cloudflare.com
# Ping multiple IPs
fping 8.8.8.8 1.1.1.1 208.67.222.222
# Results show only alive hosts
fping 8.8.8.8 192.0.2.1 1.1.1.1
Output Control
# Show only alive hosts
fping -a 8.8.8.8 1.1.1.1 192.0.2.1
# Show only unreachable/dead hosts
fping -u 8.8.8.8 1.1.1.1 192.0.2.1
# Show summary only
fping -q 8.8.8.8 1.1.1.1 192.0.2.1
# Verbose output with statistics
fping -v 8.8.8.8 1.1.1.1
# Show both alive and unreachable
fping -a -u 8.8.8.8 1.1.1.1 192.0.2.1
Range Scanning
IP Range Scanning
# Scan IP range
fping -g 192.168.1.0 192.168.1.255
# Scan with progress indicator
fping -g -s 192.168.1.0 192.168.1.255
# Scan and count results
fping -g 192.168.1.0 192.168.1.255 | wc -l
CIDR Network Notation
# Scan entire /24 subnet
fping -g 192.168.1.0/24
# Scan /25 subnet (128 hosts)
fping -g 10.0.0.0/25
# Scan /16 subnet (65536 hosts)
fping -g 172.16.0.0/16
# Scan /30 subnet (4 hosts)
fping -g 10.10.10.0/30
Large Network Scanning
# Scan with output statistics
fping -g -s 192.168.0.0/16
# Scan large network with timeout
fping -g -t 100 10.0.0.0/16
# Scan with increased retry count
fping -g -r 3 172.16.0.0/16
# Scan with custom interval between pings
fping -g -i 50 192.168.1.0/24
Reading Hosts from File
# Create host list file
cat > hosts.txt << EOF
192.168.1.1
192.168.1.100
google.com
example.com
8.8.8.8
EOF
# Scan hosts from file
fping -f hosts.txt
# Show only alive hosts from file
fping -f hosts.txt -a
# Show only dead hosts from file
fping -f hosts.txt -u
# Scan multiple files
fping -f hosts1.txt -f hosts2.txt
# Use stdin
cat hostlist.txt | fping -f -
# Mixed input
fping -f hosts.txt 192.168.1.0/24 8.8.8.8
Filter and Output Options
Filtering Results
# Show alive hosts only
fping -a 192.168.1.0/24
# Show unreachable hosts only
fping -u 192.168.1.0/24
# Show summary statistics
fping -q 192.168.1.0/24
# Show targets with no response
fping -g 192.168.1.0/24 2>/dev/null
# Show with response time
fping -e 192.168.1.1 192.168.1.2
# Show cumulative statistics
fping -s 192.168.1.0/24
# Quiet mode (summary only)
fping -q 192.168.1.0/24
# Very quiet mode
fping -qq 192.168.1.0/24
Timestamp and Logging
# Show timestamp for each response
fping -e -T 192.168.1.1
# Log results to file
fping -a 192.168.1.0/24 > alive_hosts.txt
# Log with error messages
fping -a 192.168.1.0/24 2>&1 | tee scan_results.txt
# Timestamp output for analysis
fping -e 192.168.1.0/24 | tee -a scan_$(date +%s).log
Concurrent Ping Control
# Default parallelism (usually works well)
fping 192.168.1.0/24
# Set concurrent pings to 100
fping -C 100 192.168.1.0/24
# Unlimited concurrent pings
fping -C 0 192.168.1.0/24
# Single ping at a time (slow)
fping -C 1 192.168.1.0/24
Timeout and Retry
# Set timeout to 100ms
fping -t 100 192.168.1.0/24
# Set timeout to 500ms
fping -t 500 192.168.1.0/24
# Set retry count to 3
fping -r 3 192.168.1.0/24
# Set retry count to 1
fping -r 1 192.168.1.0/24
# Increase wait time between packets
fping -i 50 192.168.1.0/24
Network and Host Limits
# Limit to 10 parallel pings
fping -C 10 192.168.1.0/24
# Scan with random host ordering
fping -R 192.168.1.0/24
# Randomize host order in range
fping -g -R 192.168.1.0/24
Advanced Scanning Techniques
Subnet Discovery Workflow
# 1. Fast initial scan to find alive hosts
fping -a 192.168.1.0/24 > alive_hosts.txt
# 2. Detailed scan of alive hosts with timing
fping -f alive_hosts.txt -e > detailed_results.txt
# 3. Scan again to verify
fping -f alive_hosts.txt -a
# 4. Create summary report
echo "Scan Date: $(date)" > report.txt
echo "Alive Hosts: $(cat alive_hosts.txt | wc -l)" >> report.txt
Network Reconnaissance
# Step 1: Scan network quickly
fping -g -s 192.168.0.0/16 > network_scan.log
# Step 2: Extract alive hosts
fping -g -a 192.168.0.0/16 > active_hosts.txt
# Step 3: Ping each active host
while read host; do
echo "=== $host ==="
fping -e "$host"
done < active_hosts.txt
# Step 4: Combine with other tools
fping -f active_hosts.txt | xargs nmap -sV
Continuous Monitoring
# Continuous ping with interval
fping -l 192.168.1.1
# Continuous ping until stopped
fping -l -i 200 192.168.1.1
# Monitor host availability
watch -n 5 'fping -a 192.168.1.0/24'
# Log continuous pings with timestamp
while true; do
fping -e 192.168.1.1 | tee -a monitor.log
sleep 10
done
Combining with nmap
# 1. Fast discovery with fping
fping -a 192.168.1.0/24 > hosts.txt
# 2. Port scanning with nmap
nmap -sV -iL hosts.txt
# 3. One-liner
fping -a 192.168.1.0/24 | awk '{print $1}' | xargs nmap -sV
Parsing Results for Analysis
# Extract IP addresses only
fping -a 192.168.1.0/24 | awk '{print $1}'
# Get response times
fping -e 192.168.1.0/24 | grep "alive"
# Filter by latency
fping -e 192.168.1.0/24 | awk '$3 < 50 {print}'
# Count alive vs dead
echo "Alive: $(fping -a -q 192.168.1.0/24 | wc -l)"
echo "Dead: $(fping -u -q 192.168.1.0/24 | wc -l)"
Shell Script Integration
#!/bin/bash
# Ping sweep and service discovery
NETWORK="192.168.1.0/24"
OUTPUT="network_scan_$(date +%Y%m%d_%H%M%S).txt"
# Run fping
fping -g -a -s $NETWORK > $OUTPUT
# Extract results
ALIVE=$(cat $OUTPUT | grep -c "alive")
DEAD=$(cat $OUTPUT | grep -c "unreachable")
# Report
echo "Network Scan Report"
echo "===================="
echo "Network: $NETWORK"
echo "Alive Hosts: $ALIVE"
echo "Dead Hosts: $DEAD"
echo "Scan Time: $(date)" >> report.txt
# fping results
fping -a 192.168.1.0/24 > fping_results.txt
# nmap ping scan
nmap -sn 192.168.1.0/24 | grep "Nmap scan" > nmap_results.txt
# Compare results
diff <(sort fping_results.txt) <(sort nmap_results.txt)
Practical Scanning Scenarios
Corporate Network Scanning
# Scan corporate subnets
fping -g -s 10.0.0.0/24 10.0.1.0/24 10.0.2.0/24
# Fast scan first
fping -a -C 50 10.0.0.0/16
# Detailed results with timing
fping -e -f discovered_hosts.txt
Home Network Inventory
# Scan home network
fping -g -a -e 192.168.1.0/24 > home_inventory.txt
# Show just IPs and hostnames
fping -a 192.168.1.0/24 | cut -d' ' -f1
# Check specific devices
fping -a -e 192.168.1.{1,100,50,200}
Server Health Checks
# Monitor critical servers
fping -l 10.0.0.5 10.0.0.6 10.0.0.7
# Check availability with logging
while true; do
fping -a 10.0.0.5 10.0.0.6 10.0.0.7 | tee -a server_health.log
sleep 60
done
# Alert on failure
fping -u 10.0.0.5 && echo "ALERT: Server down" | mail admin@example.com
Detecting Rogue DHCP
# Scan for unexpected hosts
fping -a 192.168.1.0/24 > baseline.txt
# Run regularly and compare
fping -a 192.168.1.0/24 > current.txt
diff baseline.txt current.txt
# Find new hosts
comm -13 baseline.txt current.txt
Common Patterns
Quick Network Scan
# Find all alive hosts on subnet
fping -a 192.168.1.0/24
Detailed Scan with Timing
# Show alive hosts with response time
fping -a -e 192.168.1.0/24
Save Results
# Save alive hosts to file
fping -a 192.168.1.0/24 > alive_hosts.txt
Check List of Hosts
# Ping hosts from file
fping -f hosts.txt
Quiet Mode
# Only show summary
fping -q 192.168.1.0/24
Troubleshooting
Permission Issues
# fping may require root for ICMP
sudo fping 192.168.1.0/24
# Or set capabilities
sudo setcap cap_net_raw=ep /usr/bin/fping
Slow Scans
# Increase concurrent pings
fping -C 100 192.168.1.0/24
# Reduce timeout
fping -t 100 192.168.1.0/24
# Reduce retry count
fping -r 1 192.168.1.0/24
Firewall Filtering
# Some hosts may block ICMP
# Try with increased timeout
fping -t 500 192.168.1.1
# Check if ICMP is blocked
sudo tcpdump -i any icmp and host 192.168.1.1
Best Practices
- Start with small ranges to understand behavior
- Use appropriate timeout values (100-500ms typically)
- Respect network policies and get permission before scanning
- Save results to file for later analysis
- Use summaries (-s, -q flags) for large network scans
- Combine with other tools for comprehensive assessment
- Document baseline scans for detecting changes
- Test on known hosts first to validate setup
- Use filters (-a, -u) to focus on relevant results
- Monitor large scans to avoid network saturation
Common Use Cases
| Scenario | Command |
|---|
| Find live hosts | fping -a 192.168.1.0/24 |
| Show response times | fping -a -e 192.168.1.0/24 |
| Scan from file | fping -f hosts.txt |
| Quick summary | fping -q 192.168.1.0/24 |
| Monitor host | fping -l 192.168.1.1 |
| Find dead hosts | fping -u 192.168.1.0/24 |
| Large network | fping -g -s 10.0.0.0/16 |
| With custom timeout | fping -t 200 192.168.1.0/24 |
Comparing fping with Alternatives
| Tool | Speed | Parallel | IP Ranges | Features |
|---|
| fping | Fast | Yes | Yes | Simple, efficient |
| ping | Slow | No | No | Single host |
| nmap -sn | Medium | Yes | Yes | More features |
| arping | Fast | Yes | No | ARP-based |
| hping3 | Fast | No | No | Advanced options |
Resources
