Ping Sweep with For Loop

I know this has been document all over but I like using this as a quick ping sweep but I like to filter on TTL vs Reply unlike some other examples out there.  When you find on Reply you get some where it states Reply from 10.1.1.4: Destination host unreachable.  I don't care about the Destination host unreachable and I only want to know the machines that replied so I use Find "TTL".  See Below
 
Example
From windows
for /L %i in (1,1,255) do @ping -n 1 10.1.16.%i | find "TTL"
 

Reply from 10.1.16.1: bytes=32 time=10ms TTL=253

Reply from 10.1.16.14: bytes=32 time=14ms TTL=125

Reply from 10.1.16.15: bytes=32 time=11ms TTL=125

Reply from 10.1.16.16: bytes=32 time=8ms TTL=125

Reply from 10.1.16.17: bytes=32 time=9ms TTL=125

Reply from 10.1.16.21: bytes=32 time=11ms TTL=61

Reply from 10.1.16.27: bytes=32 time=12ms TTL=125

Reply from 10.1.16.31: bytes=32 time=12ms TTL=61

Reply from 10.1.16.32: bytes=32 time=7ms TTL=125

Reply from 10.1.16.35: bytes=32 time=12ms TTL=125

Reply from 10.1.16.39: bytes=32 time=9ms TTL=125

Reply from 10.1.16.41: bytes=32 time=8ms TTL=125

Reply from 10.1.16.42: bytes=32 time=7ms TTL=125

 

Remember TTL can also tell you what OS is running for the most part if the device has not been tweaked.
253 from the first one indicates its a Sun OS, or maybe a Cisco router - 254 - hop count
125 indicates its a windows because windows is 128 - hop count.
61 indicates its some sort of Linux box typically 64 - hop count.
Basically it gives you an idea of what type of system.  You will still have to utilize a tool like nmap or amap to find out versioning to really hone in on the OS type.
 
In Linux
# for i in {1..254} ; do (ping -c 1 10.10.2.$i | grep "ttl" |cut -d" " -f4 |cut -d":" -f1 &); done
The cut feature is nice to get only the ip address to add to a text file and upload to a vulnerability scanner.  Also by using the & you are backgrounding the operation and makine the loop run faster.