How To Discover Network Hosts With Nmap?

Hi. We started with nmap target specification. Now we resume with host discovery options. Host discovery is detecting hosts in the same or a remote network. Generally we send a packet to the target host and either get a response or not, but sometimes we just listen and receive packets from hosts. We decide the host's status according to the response, if we get one. There are several different ways to send packets.

With no option given, nmap's default host discovery sends an ICMP echo request and an ICMP timestamp request, a TCP SYN to port 443 (https) and a TCP ACK to port 80 (http).

The -PR option is used for ARP inspection, so it just sends ARP requests. In the second block we see the target host's network dump. The -sn option disables the port scan.

List scan is a passive scan, so we do not send packets to the network; we just listen. As you can see in the output, there is one host which is up, but the scan shows no one is up.

No ping scan disables the ping stage of the scan. Normally a scan starts with a ping to find live hosts and then starts the heavy port scan against the live hosts. But if you set this option, it starts the heavy port scan for all specified hosts.

TCP SYN ping is another method for reliable scanning. SYN packets are sent to the given ports, and if there is a host we get a response such as RST or ACK. Here we scan TCP port 22.

TCP ACK ping is like SYN ping but, as you might guess, the ACK and SYN flags are set.

UDP ping is like TCP ping. Here you can specify a data length for the packet, which is a randomly chosen payload.

ICMP ping types are used to choose which ICMP types to ping with. The most used and most helpful is echo. This type of scan pings all of the hosts.

Protocol list is used to specify IP protocol numbers. As you know, the protocol numbers for ICMP, TCP, UDP, IGMP and similar protocols are specified in the IP packet header. Here we can set these numbers. For example, UDP is 17. This type of scan is not reliable, so I skip it.

Resolving DNS can slow down the scan, or it may be unnecessary. So we can stop DNS resolution with the -n option or force it with the -R option. If we want to use the system's configured DNS, use --system-dns; to specify DNS servers manually, use --dns-servers 8.8.8.8
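
A defensive use of the -sn ping scan described above, as an added example that is not part of the original post: it reads nmap's grepable output (the -oG option, which this post does not cover) and compares the hosts that answered with an asset inventory. The scan lines, the addresses and the KNOWN_HOSTS list are constructed sample data.

```shell
#!/bin/sh
# Added example: compare an nmap ping-scan result with an asset inventory.
# All addresses and scan lines below are constructed sample data.

# Hypothetical inventory of hosts expected on the segment.
KNOWN_HOSTS="192.0.2.1 192.0.2.2 192.0.2.6"

# Constructed, abbreviated grepable output, shaped like the result of:
#   nmap -sn -n -oG - 192.0.2.0/29
sample_scan() {
    printf '# Nmap scan initiated as: nmap -sn -n -oG - 192.0.2.0/29\n'
    printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.2 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.5 ()\tStatus: Up\n'
    printf '# Nmap done -- 8 IP addresses (3 hosts up) scanned\n'
}

# Read grepable output on stdin, print each address reported as up.
live_hosts() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }' | sort -u
}

# Hosts that answered but are not in the inventory ($1 = known list).
unknown_hosts() {
    live_hosts | awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) inv[k[i]] = 1 }
        !($1 in inv)'
}

# Inventory hosts that did not answer: down, or filtering these probes.
silent_hosts() {
    live=$(live_hosts)
    for ip in $1; do
        printf '%s\n' "$live" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

echo "unknown: $(sample_scan | unknown_hosts "$KNOWN_HOSTS" | tr '\n' ' ')"
echo "silent:  $(sample_scan | silent_hosts "$KNOWN_HOSTS" | tr '\n' ' ')"
```

A host listed as silent is not necessarily down; it may only be dropping the probe types used in that scan, so repeat the comparison with a different discovery option before removing it from the inventory.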
