why doesn't broadcast ping work?

I have Freebsd as a router.
Local network is on interface sk0: inet 10.254.239.1 netmask 0xffffff00 broadcast 10.254.239.255
In my local network I have a computer(windows 7) that gets it's ip(10.254.239.2) from DHCP server on Freebsd.

  • Ping to exact address 10.254.239.2 works fine.

When I try to ping bradcast 10.254.239.255 from Freebsd itself nothing happens:

--- 10.254.239.255 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
  • #arp -a says:
    ...
    ? (10.254.239.255) at (incomplete) on sk0 expired [ethernet]
    ...

  • Firewall allows all on this interface

Where to look? What to do to make broadcast working?


Solution 1:

If you want to perform host discovery, don't use broadcast pings, just simply ping each possible permutation for a given subnet. It sounds heavy, but it actually takes seconds (brackets are important):

$ time ( s=192.168.0 ; for i in $(seq 1 254) ; do ( ping -n -c 1 -w 1 $s.$i 1>/dev/null 2>&1 && printf "%-16s %s\n" $s.$i responded ) & done ; wait ; echo )
192.168.0.5      responded
192.168.0.11     responded
192.168.0.2      responded
192.168.0.254    responded
192.168.0.4      responded

real    0m1.317s
user    0m0.004s
sys 0m0.084s

Solution 2:

Most operating systems simply ignore broadcast ICMP pings by default, for security reasons. You don't "make it work", and it has no effect on other kinds of broadcasts.


On FreeBSD, the net.inet.icmp.bmcastecho sysctl toggles this feature.

Solution 3:

I know this question is very old, but it's one of the top result when googling 'ubuntu broadcast ping'.

I would like to add that you can send broadcast ping requests (ICMP echo-requests) very easily from a Linux host, with the option -b. Microsoft, for some reason, doesn't allow this.

Here's a broadcast ping sent from an Ubuntu host:

ping -b 192.168.1.255
WARNING: pinging broadcast address
PING 192.168.1.255 (192.168.1.255) 56(84) bytes of data.
64 bytes from 192.168.1.247: icmp_seq=1 ttl=64 time=0.031 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.960 ms (DUP!)
64 bytes from 192.168.1.202: icmp_seq=1 ttl=64 time=92.3 ms (DUP!)

Note the -b option to allow broadcast. As you can see, several hosts on my network have replied, including a Cisco switch, my own Ubuntu host, and an Apple laptop.

And yes, as others have said before, broadcast pings are terrible for scanning a network. Some hosts simply ignore echo-requests. There are much better tools for this purpose (E.g. nmap).