Live Hosts Discovery – Nmap Tutorial

November 27, 2018

Introduction

Hi, this is Gus and today I will be showing you how to discover live hosts like a boss.

Let’s jump into the demo and see some action!

Windows Target Host

Our target (victim) machine is a Windows box, and its IP address is 10.0.20.103. Just remember that it ends with 103 and you will know that this is our target host.

Now, on this machine, I blocked all the ICMP packets coming into the box using the File and Printer Sharing rules (I selected Inbound Rules on the left side).

Let’s jump into Kali and check how we can identify this live host!

Ping Using Kali

First, I will ping the destination Windows box, using the -c option so that it stops after a count of three.

As you can see, the ping tool is saying that my destination is not up and running, but that’s not the case, right?

ARP Scan Using Kali

Let’s try to take advantage of the ARP table, and scan using the ARP scan tool!

And this time the tool has identified that our host is alive.

That’s good on the LAN network, but what if I’m targeting a host on the internet? Then, we don’t have the ARP table available to us.

In this case, Nmap comes to the rescue! (more details in the next section – Nmap Ping Scan Using Kali)

And by the way, if you like this article, I have more detailed online courses about Nmap & Scanning:

Penetration Testing With Kali Linux – Online Course:

http://www.pluralsight.com/courses/kali-linux-penetration-testing-ethical-hacking

Internal Footprinting: Reconnaissance and Mapping:

https://www.pluralsight.com/courses/internal-footprinting-reconnaissance-mapping

Nmap Ping Scan Using Kali

Alright, I will use the ping scan in Nmap to get the job done using the -sn option.

And voilà! I have the full hostname along with the domain name that it belongs to.

And I can see clearly that the host is up and running as well.

Nmap Ping Scan Explained

Now, why is Nmap’s ping scan so powerful at identifying live hosts?

I’m assuming that you’re running Nmap as the root user in order to take advantage of all these features.

  1. First of all, it sends an ICMP echo request
  2. Second, it sends an ICMP timestamp request
  3. After that, it will send a TCP ACK on port 80, and that’s very effective for live internet hosts
  4. Along with a TCP SYN packet on port 443 for HTTPS
  5. Finally, Nmap will send an ARP request, which is very powerful on the LAN network
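
The probe mix listed above is also something a defender can look for. The following added example (not code from the original article) flags a source that sends several of these probe types to one host within a short window; the log format, the source addresses and the thresholds are assumptions, and ARP requests are left out since this example only looks at IP traffic.

```python
from collections import defaultdict

# Constructed sample records (not from the article): time in seconds, source,
# destination, protocol, detail. Format and source addresses are assumptions.
SAMPLE_LOG = """\
0.000 10.0.20.50 10.0.20.103 ICMP type=8
0.001 10.0.20.50 10.0.20.103 TCP flags=S dport=443
0.001 10.0.20.50 10.0.20.103 TCP flags=A dport=80
0.002 10.0.20.50 10.0.20.103 ICMP type=13
5.100 10.0.20.77 10.0.20.103 ICMP type=8
9.400 10.0.20.77 10.0.20.103 TCP flags=S dport=443
42.00 10.0.20.77 10.0.20.103 TCP flags=S dport=445
"""

# The four IP-level probes the article lists for a privileged ping scan.
PROBES = {
    ("ICMP", "type=8"): "icmp-echo",
    ("ICMP", "type=13"): "icmp-timestamp",
    ("TCP", "flags=A dport=80"): "tcp-ack-80",
    ("TCP", "flags=S dport=443"): "tcp-syn-443",
}

def parse(log):
    """Yield (time, src, dst, probe_name) for lines matching a known probe."""
    for line in log.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, proto, detail = parts
        name = PROBES.get((proto, detail))
        if name:
            yield float(ts), src, dst, name

def find_ping_scans(log, window=1.0, min_kinds=3):
    """Map (src, dst) to the probe kinds seen within `window` seconds."""
    seen = defaultdict(list)
    for ts, src, dst, name in parse(log):
        seen[(src, dst)].append((ts, name))
    hits = {}
    for pair, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            kinds = {n for t, n in events[i:] if t - start <= window}
            if len(kinds) >= min_kinds:  # enough distinct probe types
                hits[pair] = sorted(kinds)
                break
    return hits

if __name__ == "__main__":
    print(find_ping_scans(SAMPLE_LOG))
```

In the constructed sample, only 10.0.20.50 is flagged: 10.0.20.77 sends two of the probe types, but seconds apart, so it stays under both thresholds.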

 

Happy Learning!

GusKhawaja
Gus Khawaja is a security consultant, as well as an author in cybersecurity. Gus holds a BS degree in Computer Science and has worked in IT security and web application development. Gus has successfully delivered and developed IT solutions for companies in Canada. He is passionate about technology and loves what he’s doing. After many years of experience in computer science, he has turned his attention to cyber security and the importance that security brings to this minefield. His passion for ethical hacking mixed with his background in programming and IT makes him a wise Swiss knife professional in the computer science field.

© Copyright Ethical Hacking Blog