Hi, this is Gus and today I will be showing you how to discover like a boss.

Let’s jump into the demo and start some actions!


Windows Target Host

Our target victim machine is a windows box, and its IP address is, just remember that it ends with 103 then you will know that this is our target host.

Nmap Host Discovery  - HostDiscovery01 - Live Hosts Discovery – Nmap Tutorial


Now, on this machine, I blocked all the ICMP packet coming into the box using the File and Printer Sharing rules, and if you look at the left side, I selected the Inbound Rules:

Nmap Host Discovery  - HostDiscovery02 - Live Hosts Discovery – Nmap Tutorial


Let’s jump into Kali and check how we can identify this live host!


Ping Using Kali

First I will ping the destination windows box, and I’m using the C option to count three times before it stops.

Nmap Host Discovery  - HostDiscovery03 - Live Hosts Discovery – Nmap Tutorial

As you can see the ping tool is saying that my destination is not up and running, but that’s not the case right?


ARP Scan Using Kali

Let’s try to take advantage of the ARP table, and scan using the ARP scan tool!

And this time the tool has identified that our host is alive:

Nmap Host Discovery  - HostDiscovery04 - Live Hosts Discovery – Nmap Tutorial

That’s good on the LAN network, but what if I’m targeting a host on the internet? Then, we don’t have the ARP table available to us.

In this case, comes to the rescue! (more details in the next section – Ping Scan Using Kali)


And by the way, if you like this article, I have more detailed online courses about Nmap & Scanning:

Penetration Testing With Kali – Online Course:

Internal Footprinting: Reconnaissance and Mapping:


Nmap Ping Scan Using Kali

Alright, I will use the ping scan in Nmap to get the job done using the -sn option.

And voilà! I have the full hostname along with the domain name that it belongs to:

Nmap Host Discovery  - HostDiscovery05 - Live Hosts Discovery – Nmap Tutorial


And I can see clearly that the host is up and running as well:

Nmap Host Discovery  - HostDiscovery06 - Live Hosts Discovery – Nmap Tutorial


Nmap Ping Scan Explained

Now, why Nmap is so powerful using the ping scan to identify live hosts?

I’m assuming that you’re running a root user while executing Nmap in order to take advantage of all these features.

Nmap Host Discovery  - HostDiscovery07 - Live Hosts Discovery – Nmap Tutorial

  1. First of all, it sends an ICMP echo request
  2. Second, it sends an ICMP timestamp request
  3. After that, it will send a TCP ACK on port 80, and that’s very effective for live internet hosts
  4. Along with TCP SYN packet on port 443 for HTTPS
  5. Finally, Nmap will send an ARP request which is very powerful on the LAN network


Happy Learning!





Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here