You will recall I hope this statement from Part 1<\/p>\n\n\n\n
In its simplest form it is an advanced IP Scanner, much like the Windows utility of the same name and others you may know such as Angry IP Scanner.<\/p><\/blockquote>\n\n\n\n
If you read that you’d be forgiven for thinking this is the place to start .<\/p>\n\n\n\n
nmap <ip address><\/code><\/pre>\n\n\n\n
But if you do this you’ll send at least one SYN packet to the default port selection on the host you’ve scanned and as you can see in this image from Wireshark, you could be sending more than one.<\/p>\n\n\n\nWireshark capture showing SYN based port scan<\/figcaption><\/figure>\n\n\n\n
On my lab network at home it took 760 seconds to scan a single host, which isn’t very efficient if you just want to see whats live on your network.<\/p>\n\n\n\n
\n\n\n\n
You need to be specific with Nmap. The Nmap online manual advises that the dafult port range consist of 100 ports [3]<\/p>\n\n\n\n
Tell it what YOU<\/strong> want it to do and what YOU<\/strong> want it to scan. To do a simple ping based IP scan to see if a host or hosts are up, you have to tell it to ignore the port scanning by explicitly asking it to only do host enumeration.<\/p>\n\n\n\n
In the help screen we have this switch<\/p>\n\n\n\n
-sn: Ping Scan - disable port scan<\/code><\/pre>\n\n\n\n
So the command we need to run a simple host discovery scan using ICMP ping would be:<\/p>\n\n\n\n
![\"\"\/](\"https:\/\/s3.us-west-2.amazonaws.com\/secure.notion-static.com\/2a9b27d2-62f6-4b28-94b3-6ea35a87b8ed\/Untitled.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAT73L2G45O3KS52Y5%2F20201220%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20201220T181254Z&X-Amz-Expires=86400&X-Amz-Signature=6d3c82ce8d635be3729fbdd239ac8bc222b947c4e9f7689f015f0d45e0ea9cf3&X-Amz-SignedHeaders=host&response-content-disposition=filename%20%3D%22Untitled.png%22\")