Nmap from Scratch | Part-3 | Discovering hosts

2 min readDec 20, 2020


Hey, I hope ya’ll are doing well, in this blog we will cover different scanning techniques to discover hosts .

- sL ( List Scan )

List scan is used to discover all the available hosts on a network without actually interacting with the target host, it does not perform a port scan, list scan is usually used in the enumeration phases to know what all hosts are available on the network.

- sn ( Ping Scan )

The main purpose of ping scan is to check whether the target host is alive or not, these scans are often blocked by firewalls in most of the cases generating false negatives, but it’s also one of the less invasive type of scan, and it does not perform any port scan.

- Pn ( Skip host discovery )

There are cases when the ping scan often get’s blocked by the firewall and as a result nmap shows us the host as down even though it’s up, so to circumvent this, Pn option is used which basically skips the ping scan and straightaway perform the port scan.

The above scans will do for majority of the cases but there might be cases when firewall would block the ping scan and nmap will generate false negatives that’s when the other options comes into play, some of them are.

-PS [ Ping scan with SYN flag ]
-PA [ Ping scan with ACK flag ]
-PU [ UDP ping scan ]
-n [ Never do DNS resolution ]
-PR [ ARP scan only ]
We can even use port number with the ping scan for example we can write:
nmap -PS80 nmap.scanme.org [ Perform ping scan on port 80 ]

This is it for this blog, we’ll cover different scanning techniques in the next blog. If you feel this blog needs any correction, ping me at A3h1nt .