Nmap Host Discovery

https://www.poftut.com/nmap-host-discovery/

Nmap Tutorial Index

  1. Introduction To Network Scanning with Nmap
  2. Nmap Installation (Ubuntu, Centos, Fedora, Windows)
  3. Nmap Target Specification
  4. Nmap Host Discovery
  5. Nmap Port Scan (TCP, UDP, ACK, SYN, ...)
  6. Nmap Port Specification and Scan Order
  7. Nmap Script and Version Scan
  8. Nmap Operating System Detection
  9. Nmap Timing and Performance
  10. Nmap Output

Before any port, script or version scan starts, hosts must be discovered. Only hosts found to be up are then scanned for ports, services or versions.

List Scan

A list scan does not send any packet to the targets; it only lists them and shows their DNS names by resolving them.

  • We use the -sL flag followed by the IP address of the host or network.

  • We see that the DNS name of the host is sof02s18-in-f5.1e100.net. As no packet was sent to the target, it appears down.

No Port Scan / Ping Scan

We can simply ping our targets. This option sends only ICMP and a few TCP discovery probes and does not scan ports. The operation consists of:

  • ICMP echo request
  • TCP SYN to port 443
  • TCP ACK to port 80
  • ICMP timestamp request

  • We provide only the -sn option to run a ping scan.

  • We see from the output that our target is up.
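Because only hosts that answer the ping scan go on to be port-scanned, a defender usually wants the discovery result as data rather than as screen output. The following is an added example, not code from this page or from the Nmap project: it parses the normal output of `nmap -sn -v` (the sample text is constructed to match that format, not a real capture) into host records and compares the live hosts against a hypothetical asset inventory, so that an unexpected live host stands out. The `INVENTORY` table and the addresses are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of `nmap -sn -v` normal output; not captured from a real scan.
SAMPLE_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 12:00 UTC
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0012s latency).
MAC Address: AA:BB:CC:DD:EE:01 (Unknown)
Nmap scan report for 192.168.1.20
Host is up (0.0031s latency).
MAC Address: AA:BB:CC:DD:EE:02 (Unknown)
Nmap scan report for 192.168.1.50 [host down]
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.31 seconds
"""

# "Nmap scan report for name (ip)" or "Nmap scan report for ip", optionally "[host down]"
REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip1>[\d.]+)\)|(?P<ip2>[\d.]+))"
    r"(?P<down> \[host down\])?$"
)
MAC_RE = re.compile(r"^MAC Address: (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")


@dataclass
class Host:
    ip: str
    name: Optional[str]
    up: bool
    mac: Optional[str] = None


def parse_sn_output(text: str) -> List[Host]:
    """Turn nmap -sn normal output into Host records (up/down, reverse-DNS name, MAC)."""
    hosts: List[Host] = []
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            hosts.append(Host(ip=m.group("ip1") or m.group("ip2"),
                              name=m.group("name"),
                              up=m.group("down") is None))
            continue
        if not hosts:
            continue  # header lines before the first report
        if line.startswith("Host is up"):
            hosts[-1].up = True
        elif line.startswith("Host is down"):
            hosts[-1].up = False
        else:
            mm = MAC_RE.match(line)
            if mm:
                hosts[-1].mac = mm.group("mac")
    return hosts


def unknown_up_hosts(hosts: List[Host], inventory: Dict[str, str]) -> List[str]:
    """IPs that answered discovery but are missing from the asset inventory (ip -> owner)."""
    return [h.ip for h in hosts if h.up and h.ip not in inventory]


# Constructed asset inventory for the example (hypothetical).
INVENTORY = {"192.168.1.1": "core router", "192.168.1.50": "printer"}

if __name__ == "__main__":
    found = parse_sn_output(SAMPLE_OUTPUT)
    for h in found:
        print(f"{h.ip:<15} {'up' if h.up else 'down':<5} {h.name or '-':<20} {h.mac or '-'}")
    print("live hosts not in inventory:", unknown_up_hosts(found, INVENTORY))
```

Run it with `python3 parse_sn.py` after pasting real `nmap -sn -v` output into `SAMPLE_OUTPUT`; for production use, Nmap's XML output (`-oX`) is the more stable format to parse, but the normal output above is what this tutorial shows on screen.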

No Ping/Skip Discovery

Nmap can skip the discovery stage entirely. This is useful when we already know the target hosts are up, or when we want to run the full scan regardless of whether they appear up or down.

  • We provide the -Pn option to skip the ping scan.

TCP Syn Ping

This option sends an empty TCP SYN packet to port 80. Alternate ports can be specified by appending them to the flag, e.g. -PS22.

  • Send an empty TCP SYN packet to the target with the -PS option.

TCP Ack Ping

This is similar to the TCP SYN ping, but a packet with the ACK flag set is sent to port 80. As there is no active connection, the target sends an RST back, which tells us the host is up.

  • -PA sends TCP packets with the ACK flag set.

UDP Ping

As you might guess, this is the UDP version of the TCP SYN ping. If no port is specified, the default port is 40125.

  • -PU enables UDP-based discovery.

ICMP Ping

ICMP is a very useful protocol for pen-testing. Here are some of the ICMP discovery techniques.

  • Send an ICMP echo request to the target with -PE; -PP sends an ICMP timestamp request instead.

IP Protocol Ping

This is a newer discovery technique. Nmap simply sends packets with different network-layer protocol numbers to the target. The default protocols are ICMP, IGMP and IP-in-IP.

  • Send the protocol probes with -PO (the letter O).

ARP Ping

ARP ping is a very stable and useful technique. It simply sends ARP requests on the connected LAN; there is no IP or upper-layer packet at all. Detecting this type of discovery is very hard compared to the other discovery techniques. IPv6 is supported through Neighbor Discovery.


  • Send ARP pings with -PR.

  • To disable ARP ping use --disable-arp-ping.
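Each discovery option above leaves a characteristic set of probes on the wire, and that is what a network sensor can key on. The following is an added example, not code from this page or from Nmap: it takes constructed probe summaries (time, source, destination, probe kind, as a LAN sensor might log them) and, for every source that touched several hosts, names the discovery option from the sections above whose probe set matches. It covers the default ping-scan combination (ICMP echo, TCP SYN to 443, TCP ACK to 80, ICMP timestamp) as well as the single-probe options -PS, -PA, -PU, -PE, -PP, -PO and -PR. The probe-kind labels, addresses and the `min_targets` threshold are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Sequence, Set, Tuple

# Constructed probe summaries (time in seconds, source, destination, probe kind).
# Not real captures; the kind labels are this example's own convention.
Probe = Tuple[float, str, str, str]
PROBES: List[Probe] = [
    # 10.0.0.9 uses the default -sn probe set against three hosts
    (0.00, "10.0.0.9", "10.0.0.1", "icmp-echo"),
    (0.00, "10.0.0.9", "10.0.0.1", "tcp-syn:443"),
    (0.00, "10.0.0.9", "10.0.0.1", "tcp-ack:80"),
    (0.00, "10.0.0.9", "10.0.0.1", "icmp-timestamp"),
    (0.01, "10.0.0.9", "10.0.0.2", "icmp-echo"),
    (0.01, "10.0.0.9", "10.0.0.2", "tcp-syn:443"),
    (0.01, "10.0.0.9", "10.0.0.2", "tcp-ack:80"),
    (0.01, "10.0.0.9", "10.0.0.2", "icmp-timestamp"),
    (0.02, "10.0.0.9", "10.0.0.3", "icmp-echo"),
    (0.02, "10.0.0.9", "10.0.0.3", "tcp-syn:443"),
    (0.02, "10.0.0.9", "10.0.0.3", "tcp-ack:80"),
    (0.02, "10.0.0.9", "10.0.0.3", "icmp-timestamp"),
    # 10.0.0.77 sends ARP who-has to five addresses: no IP layer at all
    (5.00, "10.0.0.77", "10.0.0.1", "arp-request"),
    (5.01, "10.0.0.77", "10.0.0.2", "arp-request"),
    (5.02, "10.0.0.77", "10.0.0.3", "arp-request"),
    (5.03, "10.0.0.77", "10.0.0.4", "arp-request"),
    (5.04, "10.0.0.77", "10.0.0.5", "arp-request"),
    # 10.0.0.5 opens one SSH connection: a single target, so not a sweep
    (9.00, "10.0.0.5", "10.0.0.1", "tcp-syn:22"),
]

# The four probes Nmap's default ping scan sends (see the ping scan section above).
DEFAULT_SN_SET = {"icmp-echo", "tcp-syn:443", "tcp-ack:80", "icmp-timestamp"}


def classify(kinds: Set[str]) -> str:
    """Map the set of probe kinds a source used to the Nmap discovery option it matches."""
    if DEFAULT_SN_SET <= kinds:
        return "default ping scan (-sn)"
    families = {k.split(":")[0] for k in kinds}  # drop the port part of tcp-syn:443 etc.
    single = {
        "arp-request": "ARP ping (-PR)",
        "tcp-syn": "TCP SYN ping (-PS)",
        "tcp-ack": "TCP ACK ping (-PA)",
        "udp": "UDP ping (-PU)",
        "icmp-echo": "ICMP echo ping (-PE)",
        "icmp-timestamp": "ICMP timestamp ping (-PP)",
        "ip-proto": "IP protocol ping (-PO)",
    }
    if len(families) == 1:
        return single.get(next(iter(families)), "unknown")
    return "mixed probes"


@dataclass
class Finding:
    source: str
    technique: str
    targets: int
    span_s: float


def detect_sweeps(probes: Sequence[Probe], min_targets: int = 3) -> List[Finding]:
    """Flag sources that probed at least min_targets distinct hosts and name the technique."""
    by_src: Dict[str, List[Probe]] = defaultdict(list)
    for p in probes:
        by_src[p[1]].append(p)
    findings = []
    for src, rows in by_src.items():
        targets = {dst for _, _, dst, _ in rows}
        if len(targets) < min_targets:
            continue
        kinds = {kind for _, _, _, kind in rows}
        times = [t for t, _, _, _ in rows]
        findings.append(Finding(src, classify(kinds), len(targets),
                                round(max(times) - min(times), 2)))
    return findings


if __name__ == "__main__":
    for f in detect_sweeps(PROBES):
        print(f"{f.source}: {f.technique}, {f.targets} targets in {f.span_s}s")
```

Two points follow from the sections above. The default probe set is matched as a subset, so extra probes from the same source do not hide it. The ARP case only shows up because the sensor sees layer 2 on the same segment: there is no IP packet for a router, firewall or NetFlow collector to record, which is why the text calls ARP discovery hard to detect. On a local Ethernet segment Nmap itself prefers ARP for discovery, so the ARP branch is the one a LAN sensor will most often see.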

Traceroute

Nmap can also find the path to the target by manipulating the TTL of its probes during host discovery. Use the --traceroute option to get this.
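To make the TTL mechanism concrete, here is an added simulation; it is not Nmap code and not from this page. Each router on a constructed four-hop path decrements the TTL; the router that takes it to zero drops the probe and answers with ICMP time-exceeded, so raising the TTL one step per probe reveals one router per step until the target itself replies. A router that silently drops expired packets shows up as a gap (printed as `*`). The addresses, the `send_probe` and `traceroute` names and the silent-router set are assumptions for the example. Nmap's own implementation relies on the same time-exceeded replies but starts at a high TTL and works downward.

```python
from typing import List, Optional, Set, Tuple

# Constructed path from the scanner to the target: three routers, then the target host.
# Addresses are hypothetical (documentation and private ranges).
PATH = ["192.168.1.1", "10.10.0.1", "203.0.113.1", "198.51.100.7"]


def send_probe(ttl: int, path: List[str], silent: Set[str] = frozenset()) -> Tuple[str, Optional[str]]:
    """Simulate one probe with the given TTL.

    Every router decrements the TTL. The router that brings it to 0 drops the packet and
    sends ICMP time-exceeded, unless it is in `silent`, in which case the probe times out.
    A probe that survives every router reaches the target, which answers normally.
    """
    routers, target = path[:-1], path[-1]
    for router in routers:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return ("timeout", None)
            return ("time-exceeded", router)
    return ("reply", target)


def traceroute(path: List[str], silent: Set[str] = frozenset(),
               max_ttl: int = 30) -> List[Tuple[int, Optional[str]]]:
    """Classic traceroute: raise the TTL by one per probe until the target itself answers."""
    hops: List[Tuple[int, Optional[str]]] = []
    for ttl in range(1, max_ttl + 1):
        kind, who = send_probe(ttl, path, silent)
        hops.append((ttl, who))
        if kind == "reply":
            break
    return hops


if __name__ == "__main__":
    # Second router configured to drop expired packets without answering.
    for ttl, who in traceroute(PATH, silent={"10.10.0.1"}):
        print(f"{ttl:>2}  {who or '*'}")
```

From the defender's side the same mechanism explains why a burst of probes to one destination with TTL values stepping 1, 2, 3, ... (or counting down from a high value) is a recognisable traceroute pattern, and why a router that rate-limits or suppresses ICMP time-exceeded appears as a `*` hop rather than hiding the hops behind it.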

No Dns Resolution

DNS resolution is done by default. It can be disabled with the -n option.

  • -n disables DNS resolution.

Dns Resolution For All Targets

Normally DNS resolution is done only for targets that are up. To resolve all targets, including hosts that are down, use -R.

  • Resolve the DNS names of all targets with -R.

Specify Dns Servers

If we do not want to use our host's own name resolution, we can set different DNS servers for the scan.

  • Specify one or more DNS servers to use, one after another, with --dns-servers.

