Nmap from Scratch | Part-3 | Discovering hosts

Hey, I hope ya’ll are doing well, in this blog we will cover different scanning techniques to discover hosts .

- sL ( List Scan )

List scan is used to discover all the available hosts on a network without actually interacting with the target host, it does not perform a port scan, list scan is usually used in the enumeration phases to know what all hosts are available on the network.

- sn ( Ping Scan )

The main purpose of ping scan is to check whether the target host is alive or not, these scans are often blocked by firewalls in most of the cases generating false negatives, but it’s also one of the less invasive type of scan, and it does not perform any port scan.

- Pn ( Skip host discovery )

There are cases when the ping scan often get’s blocked by the firewall and as a result nmap shows us the host as down even though it’s up, so to circumvent this, Pn option is used which basically skips the ping scan and straightaway perform the port scan.

The above scans will do for majority of the cases but there might be cases when firewall would block the ping scan and nmap will generate false negatives that’s when the other options comes into play, some of them are.

-PS [ Ping scan with SYN flag ]
-PA [ Ping scan with ACK flag ]
-PU [ UDP ping scan ]
-n [ Never do DNS resolution ]
-PR [ ARP scan only ]
We can even use port number with the ping scan for example we can write:
nmap -PS80 nmap.scanme.org [ Perform ping scan on port 80 ]

This is it for this blog, we’ll cover different scanning techniques in the next blog. If you feel this blog needs any correction, ping me at A3h1nt .




Infosec Enthusiast | Student

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

PitFalls To Avoid While Building A Fintech App — Backend

COFAC ERC-20 token specification

Why Hackathons are tools for social impact

Supercharge your microservices by splitting load to readonly database replicas.

supercharge your microservices by using read only databases

Is No-Code Really a Threat to Traditional Developers?

Developing AWS lambda functions + S3 Resources Locally with LocalStack: A Hello World

Ways For Using Power BI Embedded In Websites and Apps

Assembling the Scala SQL Exodia, Part 1

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Infosec Enthusiast | Student

More from Medium

Here’s what you need to know about Pentests.

Getting started with Manual Content Discovery

Step 11: Attacking Web Applications with Ffuf

Dig Dug(EASY) — Try hack Me