Avatar of David Sankovsky
David Sankovsky
Flag for Israel asked on

Find All IPs with a specific hop in the trace

Hi Experts..

I need a PowerShell script to Tracert an entire range (For Example 10.20.30.[0-255])
And search for a specific Address as one of the hops (For example
and if that address appears, that address will be appended to a simple text file.

Any ideas?
PowershellScripting LanguagesShell ScriptingWindows OS

Avatar of undefined
Last Comment
Dan Craciun

8/22/2022 - Mon
Brian Murphy

Is ICMP enabled?

If so, you could start with tracert -d (no DNS resolution).

I just want to make sure ICMP is not disabled before I suggest next steps for Powershell.

David Sankovsky

The computer that will be running the script is open with DMZ to the entire range, and ICMP is certainly enabled on both the sources ( and the Destination (These are example addresses)

There might be addresses in the path that won't answer though.
Also, if it's relevant, we can't assume the required IP Address will always be the same hop.
Brian Murphy

What are we working with?  

.NET 4.5.2 with MS Management Framework 4.0 aka Powershell 4 is good.

.NET 4.6 with MS Management Framework 5.0 aka Powershell 5 with DSC better

Either works, which one?
Your help has saved me hundreds of hours of internet surfing.
Brian Murphy

So that I'm clear, all you want to do is pass a variable to a range or array of IP?

So, mytrace

And output all the "hops" to get at that IP?

Is it one subnet?  There are no hops, yes?  I'm missing something.  It happens.
Brian Murphy

I'm thinking...

Test-Connection, BTW.

That is our start point.  Probably.
Brian Murphy

If you have older versions, we can use WMI - possibly
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Brian Murphy

Well, someone beat me to it.  If this works, we should not make a new wheel.  I'm not convinced yet it will do what you want, however.  Because I'm not sure what that is, yet.


They probably used Sapien Powershell Studio.  That is what I used, they compiled a binary script that pings but also gives TTL.  

Ping Admin tool is powerful tool based on PowerShell scripting.
Using Power Admin tool you can Ping to Single, multiple Server/computers or IP range.
Moreover, Ping Admin tool gives you OS type as well in the output, along with FQDN and IP address.
If, IP range selected then it will show TTL value as well.
David Sankovsky

Major  Minor  Build  Revision
-----  -----  -----  --------
5      0      10240  16384
Brian Murphy

Your going to need WMF 5.0 for the good stuff
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
Brian Murphy

That works, but there are some awesome new SDK's for WMF 5.0

I could not get that ping tool to run

David Sankovsky

I'd rather not install too many additional modules on the server that will be executing the script
Brian Murphy

Still, what is the output look like in your dimension?  Take out the text file for a moment....

Here is a very basic port scan, 1 liner.  But you said something about finding a specific IP in a subnet or subnets?  What is the deliverable here?

IPAddress          HostName          Ports          
---------          --------          -----           DC01.hacme.local      {53, 139, 389, 445...}          SRV01.hacme.local     {21, 80, 139, 445...}        SP01.hacme.local      {80, 139, 445}
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Brian Murphy

The # of IP's changes the design.  Look at Test-Connection and the difference between async and sync scans.

Asynchronous IP range scan:
Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 18
Milliseconds      : 199
Ticks             : 181999900
TotalDays         : 0.000210648032407407
TotalHours        : 0.00505555277777778
TotalMinutes      : 0.303333166666667
TotalSeconds      : 18.19999
TotalMilliseconds : 18199.99

Synchronous IP range scan:
Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 4
Milliseconds      : 667
Ticks             : 646679415
TotalDays         : 0.000748471545138889
TotalHours        : 0.0179633170833333
TotalMinutes      : 1.077799025
TotalSeconds      : 64.6679415
TotalMilliseconds : 64667.9415
David Sankovsky

I may have not explained myself properly.
I have a certain range\24
I need to use the command tracert -d for each and every address in the range,
Then to scan the output for a certain hop ( for example) and then to write to a file only those addresses which have that speific address in the trace.

(To make it simpler to understand the point of the exercise, I have two firewalls, both sitting behind Junipers, Some addresses are routed to the old firewall and some to the new. I need to those which are routed to the old one to know which ones I have to migrate. Since the person managing the Juniper Routers is out of the country for the next couple of months, I'll have to do it this way as I have no CLI access to the Juniper router)
Brian Murphy

Much better.  Thanks.  I did not understand, this helps.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Brian Murphy

Ah man.  No CLI Access?  So much easier.
Brian Murphy


Does all that and more, you just populate your text file with your ranges or CSV and it will export everything out to whatever you want; txt, csv, html.

I run it on Linux and Windows.  I have on my MGMT server in the DMZ.  Along with a bunch of other cool stuff.

I mean, I'm willing to play but what your asking is not something I can pull off in a day.  But I'll help if NMAP is not an option for you.
Brian Murphy

Actually, David.  I forgot about hdping.

It is still supported.

And free, http://www.hping.org/


But, not sure it will do "exactly" what you want so I'll start looking at Powershell options.  I have a few ideas.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Dan Craciun

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
David Sankovsky

Thanks Dan! That seems to be what I'm looking for, I'll set it to run and see the results tomorrow.
I'll let you know how it went.
David Sankovsky

Great Script!!
Worked like a charm.
Thanks a lot
Dan Craciun

You're welcome.

Glad I could help!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes