
ipscan

Scan network for live hosts

TLDR

Scan a specific IP address

$ ipscan [192.168.0.1]

Scan a range of IP addresses
$ ipscan [192.168.0.1-254]

Scan a range of IP addresses and save the results to a file
$ ipscan [192.168.0.1-254] -o [path/to/output.txt]

Scan IPs with a specific set of ports
$ ipscan [192.168.0.1-254] -p [80,443,22]

Scan with a delay between requests to avoid network congestion
$ ipscan [192.168.0.1-254] -d [200]

Display help
$ ipscan --help

SYNOPSIS

ipscan [options] ip-ranges

PARAMETERS

-z
    Zero-I/O mode: fastest scan, minimal output (summary only)

-b
    Ping hosts before port scanning

-u
    UDP port scan

-m
    Detect MAC addresses

-n
    Disable DNS reverse lookups

-s
    TCP SYN scan (default)

-c
    Full TCP connect scan

-o
    Output open ports only

-p ports
    Scan specific ports or ranges (e.g., -p 80,443)

-t ms
    Packet timeout in milliseconds (default 500)

-r
    Randomize scan order

-v
    Verbose output

-4
    IPv4 only

-6
    IPv6 only

-w
    Windows-compatible output format

DESCRIPTION

ipscan is a lightweight, high-speed command-line tool designed for scanning IP addresses and common ports across large networks. Developed for efficiency, it can scan the entire IPv4 Internet in under 10 minutes on modern hardware by leveraging raw sockets and optimized algorithms.

It supports ping sweeps, TCP SYN scans, UDP scans, and MAC address detection, making it ideal for network discovery, vulnerability assessment, and security auditing. Unlike heavier tools like nmap, ipscan prioritizes speed over feature richness, producing minimal output by default to reduce I/O overhead.

Key strengths include zero-I/O mode for maximum throughput, customizable port lists, and support for CIDR notation or IP ranges (e.g., 10.0.0.0/8). It requires root privileges for raw packet operations and works best on Linux/Unix systems. While not as versatile as nmap, its simplicity and speed make it a go-to for quick reconnaissance tasks.

CAVEATS

Requires root for raw sockets; may trigger firewalls/IDS; no evasion features; IPv6 support limited; output format basic.

EXAMPLES

ipscan 192.168.1.0/24
Scan LAN for open common ports.

ipscan -z -p 80,443 10.0.0.0/8
Zero-I/O scan of class A network on web ports.

PERFORMANCE

Achieves 1M+ packets/sec; scans /8 in minutes. Use -z for peak speed on gigabit links.
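Before launching a scan, it helps to know how many probes a target spec expands to, how long it will take at a given packet rate, and whether every block falls inside the networks you are authorized to scan. The following is an added example, not part of ipscan or of the original page; the function names, the `authorized` list, and the `8000-8010` port-range syntax are assumptions, and it counts one probe per address and port with no retries.

```python
import ipaddress

def parse_targets(spec):
    """Expand one target spec into ip_network blocks.

    Handles the notations shown on this page: a single address,
    CIDR (10.0.0.0/8) and a last-octet range (192.168.0.1-254).
    """
    if "/" in spec:
        return [ipaddress.ip_network(spec, strict=False)]
    if "-" not in spec:
        return [ipaddress.ip_network(spec)]          # single host, /32
    first_text, last_octet = spec.split("-", 1)
    first = ipaddress.IPv4Address(first_text)
    if not 0 <= int(last_octet) <= 255:
        raise ValueError(f"bad range end in {spec!r}")
    last = ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | int(last_octet))
    if last < first:
        raise ValueError(f"descending range in {spec!r}")
    return list(ipaddress.summarize_address_range(first, last))

def parse_ports(spec):
    """Expand a list such as '80,443,8000-8010' into sorted port numbers."""
    ports = set()
    for item in spec.split(","):
        low, _, high = item.strip().partition("-")
        first, last = int(low), int(high or low)
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"bad port item {item!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)

def plan_scan(target_specs, port_spec, packets_per_second, authorized):
    """Size a scan and list any target block outside the authorized networks."""
    scope = [ipaddress.ip_network(net) for net in authorized]
    blocks = [b for spec in target_specs for b in parse_targets(spec)]
    addresses = sum(b.num_addresses for b in blocks)
    probes = addresses * len(parse_ports(port_spec))
    return {
        "addresses": addresses,
        "probes": probes,                      # one probe per address and port
        "seconds": probes / packets_per_second,
        "out_of_scope": [str(b) for b in blocks
                         if not any(b.subnet_of(net) for net in scope)],
    }

if __name__ == "__main__":
    # Constructed inputs: the /8 example from this page at the quoted 1M packets/sec.
    print(plan_scan(["10.0.0.0/8"], "80,443", 1_000_000, ["10.1.0.0/16"]))
```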

HISTORY

Created by Claes Nästén in 2008 as fyngrind ipscan; open-source C implementation focused on raw speed. Updated sporadically; widely used in pentesting for its sub-second subnet scans.

SEE ALSO

nmap(1), masscan(1), zmap(1), unicornscan(1)
