SQLPing came out of my curiosity and observations of SQL Server's discovery mechanisms. When a SQL Server 2000 client wishes to connect to a server it first attempts a pre-connection query against UDP 1434 (unregistered listener service on any SQL Server 2000 server). Upon seeing the handshake (packet payload 0x02), the SQL Server replies with details about all named instances installed on the server including instance name, version, clustering info, net-libs supported, and net-lib details (ports, pipe names, etc.). Using this tool, you can reveal this information as well as send discovery packets to entire networks (i.e. 192.168.0.255) for mass interrogation.