This article is a deep dive into how Nmap works, to understand its internal structure and to master its functionality. Network administrators and penetration testers use port scanning to discover open communication channels on computer systems. For an attacker, this is the first step to get information about the target's network and identify a potential way in, since services running on an open port could be vulnerable to attacks. Multiple tools can produce good results, but some port scanners are better for a particular task than others. One combined workflow uses unicornscan to scan all 65535 ports and then feeds the results to Nmap for service fingerprinting. This way, the user gets a complete list of open ports and the services running on them.

Our focus is on Nmap (Network Mapper), by far the most popular tool for network discovery and port scanning. Some of its features include host discovery, port scanning, service and OS fingerprinting, and basic vulnerability detection. There is also a graphical version known as Zenmap, which offers easy access to scanning options and network mapping diagrams.

If the target is unknown and large, the recommendation is to identify hosts first. Scanning the ports at this stage would generate too much traffic, take time and resources, and is likely to trigger security alerts.

Below are some methods to identify live IPs:

ARP scanning can be used to stealthily discover the hosts in the local LAN. Getting an ARP reply means that the host exists, and since ARP is needed for routing packets, a firewall won't interfere in the exchange.

[screen capture: ARP request and reply in Wireshark]

Above, you can see an ARP request and reply captured by Wireshark.

ICMP scan can also identify live hosts by sending an ICMP Echo request.

By default, Nmap uses requests to identify a live IP. In the older version of the tool, the option for ping sweep was -sP; in the newer version, it is -sn. To discover available hosts, the following packets are sent (as seen in the screen capture below from the Wireshark packet analyzer):

[screen capture: packets sent by the Nmap ping sweep, captured in Wireshark]

Based on the live IPs detected, Nmap can then scan for ports and services, reveal MAC addresses, as well as resolve hostnames.
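The host-discovery results described above (live IPs, MAC addresses, hostnames) are easiest to process when Nmap writes XML with -oX. The script below is an added example, not code from the article or from the Nmap project: it parses a hand-written sample in Nmap's nmaprun XML format (every address, MAC, vendor and hostname in it is constructed) and classifies each live host by the reason Nmap recorded, which makes the ARP-versus-ICMP distinction drawn above visible in the output. The reason strings arp-response, echo-reply and no-response are the ones Nmap itself writes.

```python
"""Parse the XML output of an Nmap ping sweep (nmap -sn -oX -) into a list of live hosts.

Added example, not code from the article or from the Nmap project. SAMPLE_XML is a
constructed nmaprun document; every address, MAC, vendor and hostname in it is made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the nmaprun XML format. The first host answered ARP (same LAN),
# the second answered an ICMP Echo request (remote), the third never replied.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sn -oX - 192.0.2.1-3" version="7.94">
  <host>
    <status state="up" reason="arp-response" reason_ttl="0"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="gateway.example.test" type="PTR"/></hostnames>
  </host>
  <host>
    <status state="up" reason="echo-reply" reason_ttl="64"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
    <hostnames/>
  </host>
  <host>
    <status state="down" reason="no-response" reason_ttl="0"/>
    <address addr="192.0.2.3" addrtype="ipv4"/>
  </host>
  <runstats><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""


def parse_ping_sweep(xml_text):
    """Return one dict per host Nmap marked as up: ip, mac, vendor, hostname, reason."""
    root = ET.fromstring(xml_text)
    live = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a down host carries no address detail worth keeping
        entry = {"ip": None, "mac": None, "vendor": None, "hostname": None,
                 "reason": status.get("reason")}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                entry["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":  # only seen for hosts on the same subnet
                entry["mac"] = addr.get("addr")
                entry["vendor"] = addr.get("vendor")
        hostname = host.find("hostnames/hostname")
        if hostname is not None:
            entry["hostname"] = hostname.get("name")
        live.append(entry)
    return live


def discovery_method(reason):
    """Map Nmap's recorded reason to the discovery probe the article describes."""
    if reason == "arp-response":
        return "ARP"
    if reason == "echo-reply":
        return "ICMP"
    return "other"  # e.g. TCP replies to the additional probes Nmap sends to remote hosts


def count_by_method(hosts):
    """Count how many live hosts were found by each discovery method."""
    counts = {}
    for host in hosts:
        method = discovery_method(host["reason"])
        counts[method] = counts.get(method, 0) + 1
    return counts


if __name__ == "__main__":
    hosts = parse_ping_sweep(SAMPLE_XML)
    for host in hosts:
        print(f"{host['ip']:<15} {host['mac'] or '-':<18} "
              f"{host['hostname'] or '-':<22} via {discovery_method(host['reason'])}")
    print("discovered by:", count_by_method(hosts))
```

To use it on a real sweep, run `nmap -sn -oX sweep.xml <range>` and pass the file contents to parse_ping_sweep(). Keying the classification on Nmap's reason attribute rather than on the presence of a MAC address is deliberate: the MAC only appears for same-subnet hosts, whereas the reason records which probe actually produced the reply.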