Live Hosts Discovery - Nmap Tutorial

Introduction

Hi, this is Gus and today I will be showing you how to discover live hosts like a boss.

Let’s jump into the demo and start some actions!

Windows Target Host

Our target victim machine is a windows box, and its IP address is 10.0.20.103, just remember that it ends with 103 then you will know that this is our target host.

Now, on this machine, I blocked all the ICMP packet coming into the box using the File and Printer Sharing rules, and if you look at the left side, I selected the Inbound Rules:

Let’s jump into Kali and check how we can identify this live host!

Ping Using Kali

First I will ping the destination windows box, and I’m using the C option to count three times before it stops.

As you can see the ping tool is saying that my destination is not up and running, but that’s not the case right?

ARP Scan Using Kali

Let’s try to take advantage of the ARP table, and scan using the ARP scan tool!

And this time the tool has identified that our host is alive:

That’s good on the LAN network, but what if I’m targeting a host on the internet? Then, we don’t have the ARP table available to us.

In this case, Nmap comes to the rescue! (more details in the next section – Nmap Ping Scan Using Kali)

And by the way, if you like this article, I have more detailed online courses about Nmap & Scanning:

Penetration Testing With Kali Linux – Online Course:

http://www.pluralsight.com/courses/kali-linux-penetration-testing-ethical-hacking

Internal Footprinting: Reconnaissance and Mapping:

https://www.pluralsight.com/courses/internal-footprinting-reconnaissance-mapping

Nmap Ping Scan Using Kali

Alright, I will use the ping scan in Nmap to get the job done using the -sn option.

And voilà! I have the full hostname along with the domain name that it belongs to:

And I can see clearly that the host is up and running as well:

Nmap Ping Scan Explained

Now, why Nmap is so powerful using the ping scan to identify live hosts?

I’m assuming that you’re running a root user while executing Nmap in order to take advantage of all these features.

First of all, it sends an ICMP echo request
Second, it sends an ICMP timestamp request
After that, it will send a TCP ACK on port 80, and that’s very effective for live internet hosts
Along with TCP SYN packet on port 443 for HTTPS
Finally, Nmap will send an ARP request which is very powerful on the LAN network

Happy Learning!

Ethical Hacking / General / Scanning

GusKhawaja
Gus Khawaja is a security consultant, as well as an author in Cybersecurity. Gus Holds a BS degree in Computer Science and worked in IT security and Web application development. Gus has successfully delivered and developed IT solutions for companies in Canada. He is passionate about Technology and loves what he’s doing. After many years of experience in computer science, he has turned his attention to cyber security and the importance that security brings to this minefield. His passion for ethical hacking mixed with his background in programming and IT makes him a wise swiss knife professional in the computer science field.

Live Hosts Discovery – Nmap Tutorial

The Best [email protected] Book

Do You Want More Like This!