Host Discovery in Nmap Network Scanning

Nmap is the primary tool for scanning a network, although other scanners compete with it. Many hosts in an organization are filtered by a firewall and are not detected by a simple scan, but Nmap's host discovery options can still find them. Host discovery in Nmap is the process of gathering information about the hosts in a given network, and it is also known as a ping scan. Nmap uses ping-style probes or built-in scripts, over TCP and UDP, to look for ports, services, and running servers on the respective IPs. The results may lead to further enumeration.

The functions of host discovery in Nmap:

  • List Scan: A list scan lists the possible hosts without sending any packets to the targeted hosts.

nmap -sL www.w3wiki.com

 

  • Ping Sweep: A ping sweep discovers hosts on the basis of whether they are powered on. In current Nmap releases, -sP is the older name for the -sn option.

nmap -sP www.w3wiki.com

 

  • Disable ARP Ping: Nmap mostly uses ARP ping to discover other hosts on the network. To disable ARP ping, use the option --disable-arp-ping.

nmap -sn www.w3wiki.com --disable-arp-ping

 

  • TCP SYN Ping: Nmap sends a TCP SYN packet to check whether a host is online.

nmap -PS www.w3wiki.com 

 

  • TCP ACK Ping: Nmap sends a TCP ACK packet to check whether the host is responding.

nmap -PA www.w3wiki.com

 

  • ICMP Echo Ping: Nmap sends ICMP echo request packets to the host.

nmap -PE www.w3wiki.com

 

  • UDP Ping: Nmap sends UDP packets to the targeted port.

nmap -PU www.w3wiki.com

 

  • IP Protocol Ping: Nmap sends packets using different IP protocols.

nmap -v -PO www.w3wiki.com

 

  • ARP Ping: An ARP ping scan is used to discover host devices on the same network. Sometimes hosts will not be visible due to firewall filtering.

nmap -PR www.w3wiki.com

 

  • Traceroute: Traceroute helps to discover the hops, or path, to the targeted host.

nmap -sn --traceroute www.w3wiki.com
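
The probe types listed above differ in which reply marks a host as up, and Nmap records that reply as a `reason` in its XML output (`-oX`). The following Python code is an added example, not part of the original article: it parses host discovery XML, groups live hosts by reason, and cross-checks the count against Nmap's own summary; the sample XML and its addresses are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like `nmap -sn -v -oX - <range>` output (RFC 5737 addresses).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sn -v -oX - 192.0.2.0/29">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.example" type="PTR"/></hostnames></host>
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.2" addrtype="ipv4"/><hostnames/></host>
  <host><status state="up" reason="reset"/>
    <address addr="192.0.2.3" addrtype="ipv4"/><hostnames/></host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.0.2.4" addrtype="ipv4"/></host>
  <runstats><hosts up="3" down="1" total="4"/></runstats>
</nmaprun>"""


def parse_discovery(xml_text):
    """Return (hosts, up_by_reason) from Nmap XML host-discovery output."""
    root = ET.fromstring(xml_text)
    hosts, up_by_reason = [], defaultdict(list)
    for host in root.iter("host"):
        status = host.find("status")
        if status is None:
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        name = host.find("hostnames/hostname")  # None when no name was resolved
        rec = {
            "ip": addrs.get("ipv4") or addrs.get("ipv6"),
            "name": name.get("name") if name is not None else None,
            "state": status.get("state"),
            "reason": status.get("reason"),
        }
        hosts.append(rec)
        if rec["state"] == "up":
            up_by_reason[rec["reason"]].append(rec["ip"])
    return hosts, dict(up_by_reason)


def matches_runstats(xml_text):
    """Cross-check the parsed 'up' count against Nmap's own <runstats> summary."""
    hosts, _ = parse_discovery(xml_text)
    stats = ET.fromstring(xml_text).find("runstats/hosts")
    return stats is not None and int(stats.get("up")) == sum(h["state"] == "up" for h in hosts)


if __name__ == "__main__":
    print(parse_discovery(SAMPLE_XML)[1], matches_runstats(SAMPLE_XML))
```

A `reset` reason means a closed port answered a TCP ping probe, which still shows the host is up.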

 

