Host Discovery Controls
Before getting more aggressive with Nmap we need to understand host discovery, also called a ping scan, which tells us whether a target is online and answering our probes before we spend time port-scanning it.
- List Scan (-sL) simply lists each host in the target specification without sending any probe to the targets: no ping, no port scan, no OS or version detection, so it finishes almost instantly. The only traffic it generates is reverse-DNS lookups for each address (suppress them with -n if you want it completely silent). Use it to check that the addresses, ranges or input file you are about to scan are correct, correctly typed and cover the intended range, because a full scan can take a long time and a mistyped target otherwise only surfaces as an error, or as a scan of the wrong hosts, after you have launched it.
nmap -sL 192.168.10.1-6 220.127.116.11 18.104.22.168
- Ping Scan (-sP, renamed -sn in current Nmap releases; the old flag still works) is one step more intrusive than a list scan: it sends probes to each target only to learn whether it is up, and does no port scan. As a privileged user on the local network this is an ARP request; for remote targets it is by default an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request. It is light reconnaissance that draws far less attention than a port scan.
nmap -sP 22.214.171.124 126.96.36.199
- Disable Ping (-Pn) By default Nmap only port-scans hosts that answered host discovery, so hosts behind a firewall that drops the discovery probes are reported as down and silently skipped. With -Pn Nmap skips host discovery entirely, treats every address as up and scans all of them. This takes much longer, since every address in the range gets a full scan whether or not anything is there, and probes to empty addresses wait for their timeouts, but as a pentester we cannot afford to miss a target that is merely filtering ping.
nmap -Pn 192.168.10.1/29
A /29 covers 8 addresses (192.168.10.0 through 192.168.10.7), and as the output shows Nmap scanned every one of them.
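The usual workflow is to validate the target list first (what -sL does), run a ping scan to find what answers, and then port-scan only those hosts with -Pn so discovery is not repeated. The following Python, an added example and not part of the original page or of Nmap itself, expands Nmap-style target specs the way -sL would list them (so a typo fails before any scan starts), parses the greppable (-oG) output of a ping scan, and builds the follow-up command. The ping-scan output embedded below is constructed sample data, not a real capture, and only the single-address, CIDR and per-octet-range forms of Nmap's target grammar are handled.

```python
import ipaddress
import re
from typing import List

# Constructed sample of "nmap -sn -oG -" output (not real scan results);
# by default only hosts that answered the ping scan are listed.
SAMPLE_PING_SCAN = (
    "# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.10.1/29\n"
    "Host: 192.168.10.1 (gw.lab)\tStatus: Up\n"
    "Host: 192.168.10.2 ()\tStatus: Up\n"
    "Host: 192.168.10.5 ()\tStatus: Up\n"
    "# Nmap done -- 8 IP addresses (3 hosts up) scanned in 2.01 seconds\n"
)

OCTET = re.compile(r"^(\d{1,3})(?:-(\d{1,3}))?$")
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(Up|Down)")


def expand_target(spec: str) -> List[str]:
    """Expand one target spec into the addresses -sL would list.

    Handles a single IPv4 address, CIDR (10.0.0.0/29) and per-octet ranges
    (192.168.10.1-6, 10.0.0-1.1-2). Nmap's grammar also accepts hostnames,
    a bare '-' meaning 0-255 and comma lists; those are not handled here.
    Raises ValueError on a malformed spec, which is the point of checking
    before launching a long scan.
    """
    if "/" in spec:
        # strict=False accepts host bits set (192.168.10.1/29 -> 192.168.10.0/29).
        # Iterating the network yields every address, network and broadcast
        # included, which is exactly what Nmap scans for a CIDR target.
        return [str(addr) for addr in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"malformed target {spec!r}: expected four octets")
    ranges = []
    for octet in octets:
        m = OCTET.match(octet)
        if not m:
            raise ValueError(f"malformed target {spec!r}: bad octet {octet!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"malformed target {spec!r}: bad range {octet!r}")
        ranges.append(range(lo, hi + 1))
    return [f"{a}.{b}.{c}.{d}" for a in ranges[0] for b in ranges[1]
            for c in ranges[2] for d in ranges[3]]


def expand_targets(specs: List[str]) -> List[str]:
    """Expand a whole target list, keeping order and dropping duplicates."""
    seen, out = set(), []
    for spec in specs:
        for addr in expand_target(spec):
            if addr not in seen:
                seen.add(addr)
                out.append(addr)
    return out


def live_hosts(greppable: str) -> List[str]:
    """Addresses reported 'Up' in the greppable (-oG) output of a ping scan."""
    hosts = []
    for line in greppable.splitlines():
        m = HOST_LINE.match(line)
        if m and m.group(3) == "Up":
            hosts.append(m.group(1))
    return hosts


def followup_command(greppable: str, extra_args: str = "-sS -p-") -> str:
    """Build the port-scan command for the hosts that answered the ping scan.

    -Pn is set because these hosts are already known to be up: it stops Nmap
    from repeating discovery and from dropping a host that answered ARP but
    ignores ICMP. Returns an empty string when nothing answered.
    """
    hosts = live_hosts(greppable)
    return f"nmap -Pn {extra_args} {' '.join(hosts)}" if hosts else ""


if __name__ == "__main__":
    for spec in ["192.168.10.1-6", "192.168.10.1/29"]:
        addrs = expand_target(spec)
        print(f"{spec}: {len(addrs)} addresses, {addrs[0]} .. {addrs[-1]}")
    print(followup_command(SAMPLE_PING_SCAN))
```

Run it as a script to see that 192.168.10.1-6 expands to six addresses while 192.168.10.1/29 expands to eight (the .0 network and .7 broadcast addresses included, which is why the -Pn run above touched all eight), and that the constructed ping-scan output yields a three-host -Pn follow-up command.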