The other day I needed a tool to help me find out which devices are live within a specific range; I also needed to find out for which of those I had a valid DNS A record added. So I’ve looked around and came across a few PingSweep windows applications which would kind-of help me – but not quite. The reason why these tools were not good enough is that I could give them a range, but couldn’t specify I would only like specific hosts within that range.

Let’s put this into context:

  • You have 200 sites; at each site, you have 3 switches
  • The management IP on those switches is 192.168.<site>.249, 192.168.<site>.250 & 192.168.<site>.251, respectively
  • The DNS name follows the pattern SITE-<site>-SW-{A,B,C}

For example, site 210 will have three switches: SITE-210-SW-A, SITE-210-SW-B & SITE-210-SW-C and the IP addresses of, &


  1. you need to find out which of those switches are actually being used, at each site
  2. you also need to know which of those are reachable via DNS


Now you are thinking – let’s ping /16 range right? Well … you could! But you will also be hitting a lot of IPs which you are not even interested in – you only need to hit .249 to .251, within the 192.168.<site>.0 /24 range. Furthermore, you may not be able to do so by using the hostnames!

Here is a better way of doing it – you can use the FOR DOS command – to see the full syntax, open a command line and write:

help for <enter>


Going back to our case, we will build our PingSweep in stages:

1. The command to create a loop through the 200 sites; %y is a variable which takes values from 1 to 200, in steps of 1:

for /L %y in (1,1,200)

2. The command to create a loop through the range on the 3rd octet, in the IP address; %x is a variable which takes values from 249 to 251, in steps of 1:

for /L %x in (249,1,251)

3. Grouping the two commands together:

for /L %y in (1,1,200) do @for /L %x in (249,1,251) do @ping -n 1 192.168.%y.%x -w 100

4 . Using the DNS name (here, we need to run three commands, one for each switch:

for /L %y in (1,1,5) do @ping -n 1 SITE-%y-SW-A -w 100

for /L %y in (1,1,5) do @ping -n 1 SITE-%y-SW-B -w 100

for /L %y in (1,1,5) do @ping -n 1 SITE-%y-SW-C -w 100

Note that the “@” character is used to mask the command – so that it won’t show on the console; you can freely remove it to see the difference.

Also, you could start being a bit fancier here … you could for instance direct the output to a filename using the “>>” or “>” directives.

You can now simply copy and paste these commands and see how they work; even if the range above is not valid in your network, the output should still be relevant to show how this works.

This blog was inspired from here.

Thank you,
View Rafael A Couto Cabral's profile on LinkedIn

Leave a reply

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>