Don’t Ping
By default, before Nmap attempts to scan a system for open ports it will first ping
the target to see if it is online. This feature helps save time when scanning as it
causes targets that do not respond to be skipped.
Results of a Nmap scan where the target system is not pingable
In the above example the specified target is not scanned as it does not respond to
Nmap’s pings. The -PN option instructs Nmap to skip the default discovery check
and perform a complete port scan on the target. This is useful when scanning hosts
that are protected by a firewall that blocks ping probes.
Usage syntax: nmap -PN [target]
By specifying the -PN option on the same target, Nmap is able to produce a list of
open ports on the unpingable system.
By default, before Nmap attempts to scan a system for open ports it will first ping
the target to see if it is online. This feature helps save time when scanning as it
causes targets that do not respond to be skipped.
$ nmap 10.10.5.11
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 08:43 CDT
Note: Host seems down. If it is really up, but blocking our ping
probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.16 seconds
Results of a Nmap scan where the target system is not pingable
In the above example the specified target is not scanned as it does not respond to
Nmap’s pings. The -PN option instructs Nmap to skip the default discovery check
and perform a complete port scan on the target. This is useful when scanning hosts
that are protected by a firewall that blocks ping probes.
Usage syntax: nmap -PN [target]
$ nmap -PN 10.10.5.11Output of a Nmap scan with ping discovery disabled
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 08:43 CDT
Interesting ports on 10.10.5.11:
Not shown: 999 filtered ports
PORT
STATE
3389/tcp open
SERVICE
ms-term-serv
Nmap done: 1 IP address (1 host up) scanned in 6.51 seconds
By specifying the -PN option on the same target, Nmap is able to produce a list of
open ports on the unpingable system.