Showing posts from June 17, 2017

Nmap: ICMP Echo Ping (part-17)

ICMP Echo Ping

The -PE option performs an ICMP (Internet Control Message Protocol) echo ping on the specified system.

Usage syntax: nmap -PE [target]

    # nmap -PE 192.168.1.254
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:26 CDT
    Interesting ports on home (192.168.1.254):
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 00:25:3C:5F:5A:89 (2Wire)
    Nmap done: 1 IP address (1 host up) scanned in 1.89 seconds

Performing an ICMP echo ping

The -PE option sends a standard ICMP ping to the target to see if it replies. This type of discovery works best on local networks, where ICMP packets can be transmitted with few restrictions. Many internet hosts, however, are configured not to respond to ICMP packets for security reasons.

Note: The -PE option is automatically implied if no other ping options are specified.

Nmap: SCTP INIT Ping (part - 16)

SCTP INIT Ping

The -PY parameter instructs Nmap to perform an SCTP INIT ping.

Usage syntax: nmap -PY[port1,port2,etc] [target]

    # nmap -PY 192.168.1.254
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:28 CDT
    Interesting ports on home (192.168.1.254):
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 00:25:3C:5F:5A:89 (2Wire)
    Nmap done: 1 IP address (1 host up) scanned in 0.79 seconds

Performing an SCTP INIT ping

This discovery method attempts to locate hosts using the Stream Control Transmission Protocol (SCTP). SCTP is typically used on systems for IP-based telephony.

Note: The default port for -PY is 80. Others can be specified by using the following syntax: nmap -PY22,25,80,443,etc.

Nmap: TCP ACK Ping and UDP Ping (part-15)

TCP ACK Ping

The -PA option performs a TCP ACK ping on the specified target.

Usage syntax: nmap -PA[port1,port2,etc] [target]

    # nmap -PA 192.168.1.254
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:31 CDT
    Interesting ports on home (192.168.1.254):
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 00:25:3C:5F:5A:89 (2Wire)
    Nmap done: 1 IP address (1 host up) scanned in 0.81 seconds

Performing a TCP ACK ping

The -PA option causes Nmap to send TCP ACK packets to the specified hosts. This method attempts to discover hosts by acknowledging TCP connections that do not exist, in an attempt to solicit a response from the target. Like other ping options, it is useful in situations where standard ICMP pings are blocked.

Note: The default port for -PA is 80, but others can be specified using the following syntax: nmap -PA22,25,80,443,etc.

UDP Ping

The -PU option performs a UDP ping on the target system.

Usage syntax: nmap

Nmap: TCP SYN Ping (part-14)

TCP SYN Ping

The -PS option performs a TCP SYN ping.

Usage syntax: nmap -PS[port1,port2,etc] [target]

    # nmap -PS scanme.insecure.org
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:31 CDT
    Interesting ports on scanme.nmap.org (64.13.134.52):
    Not shown: 995 filtered ports
    PORT      STATE  SERVICE
    53/tcp    open   domain
    70/tcp    closed gopher
    80/tcp    open   http
    113/tcp   closed auth
    31337/tcp closed Elite
    Nmap done: 1 IP address (1 host up) scanned in 27.41 seconds

Performing a TCP SYN ping

The TCP SYN ping sends a SYN packet to the target system and listens for a response. This alternative discovery method is useful for systems that are configured to block standard ICMP pings.

Note: The default port for -PS is 80, but others can be specified using the following syntax: nmap -PS22,25,80,443,etc.

Nmap: Ping Only Scan (part-13)

Ping Only Scan

The -sP option is used to perform a simple ping of the specified host.

Usage syntax: nmap -sP [target]

    $ nmap -sP 192.168.10.2/24
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-08 20:54 CDT
    Host 192.168.10.1 is up (0.0026s latency).
    Host 192.168.10.100 is up (0.00020s latency).
    Host 192.168.10.101 is up (0.00026s latency).
    Nmap done: 256 IP addresses (3 hosts up) scanned in 3.18 seconds

Output of a ping only scan

This option is useful when you want to perform a quick search of the target network to see which hosts are online without actually scanning the target(s) for open ports. In the above example, all 254 addresses in the 192.168.10.0 subnet are pinged and results from live hosts are displayed.

When scanning a local network, you can execute Nmap with root privileges for additional ping functionality. When doing this, the -sP option will perform an ARP ping and return the MAC addresses of the discovered system(s).

Usage syntax: nmap -sP [target]

Nmap: Don’t Ping scan (part-12)

Don’t Ping

By default, before Nmap attempts to scan a system for open ports it will first ping the target to see if it is online. This feature saves time when scanning, as targets that do not respond are skipped.

    $ nmap 10.10.5.11
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 08:43 CDT
    Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
    Nmap done: 1 IP address (0 hosts up) scanned in 3.16 seconds

Results of an Nmap scan where the target system is not pingable

In the above example the specified target is not scanned because it does not respond to Nmap’s pings. The -PN option instructs Nmap to skip the default discovery check and perform a complete port scan on the target. This is useful when scanning hosts that are protected by a firewall that blocks ping probes.

Usage syntax: nmap -PN [target]

    $ nmap -PN 10.10.5.11
    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 08:43 CDT
    Interesting ports on 10.10.5.11:
    Not shown: 999 fil
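The posts above all quote Nmap 5.00 normal output in the same few line shapes (the "Host X is up" lines of a ping-only scan, the port table with its "Interesting ports on" header, the MAC Address line, the "Host seems down" note and the "Nmap done" summary). The following Python parser is an added example, not code from the original posts; its sample listings are constructed from the output shown above, and the cross-check of the summary's host count against the parsed body is an assumption about how a practitioner would validate a saved scan.

```python
import re

# Constructed samples, modelled on the Nmap 5.00 output quoted in the posts above.
PING_ONLY_OUTPUT = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-08 20:54 CDT
Host 192.168.10.1 is up (0.0026s latency).
Host 192.168.10.100 is up (0.00020s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.18 seconds
"""
PORT_SCAN_OUTPUT = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:26 CDT
Interesting ports on home (192.168.1.254):
Not shown: 998 closed ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
MAC Address: 00:25:3C:5F:5A:89 (2Wire)
Nmap done: 1 IP address (1 host up) scanned in 1.89 seconds
"""

HOST_RE = re.compile(r"^Host (\S+) is up \(([\d.]+)s latency\)\.$")
TARGET_RE = re.compile(r"^Interesting ports on (?:(\S+) \((\S+)\)|(\S+)):$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)$")
MAC_RE = re.compile(r"^MAC Address: (\S+) \((.*)\)$")
DONE_RE = re.compile(r"^Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\)")

def parse_nmap_output(text):
    """Parse Nmap 5.00 normal output; raise if the summary disagrees with the body."""
    result = {"hosts_up": [], "ports": [], "target": None, "mac": None,
              "seems_down": False, "addresses_scanned": None}
    for line in text.splitlines():
        if m := HOST_RE.match(line):            # -sP style "Host X is up" lines
            result["hosts_up"].append((m.group(1), float(m.group(2))))
        elif m := TARGET_RE.match(line):        # "Interesting ports on name (ip):" or "on ip:"
            name, ip = (m.group(1), m.group(2)) if m.group(1) else (None, m.group(3))
            result["target"] = {"name": name, "ip": ip}
            result["hosts_up"].append((ip, None))  # a port table means discovery succeeded
        elif m := PORT_RE.match(line):          # "80/tcp  open  http"
            result["ports"].append({"port": int(m.group(1)), "proto": m.group(2),
                                    "state": m.group(3), "service": m.group(4)})
        elif m := MAC_RE.match(line):           # shown for LAN hosts when Nmap runs as root
            result["mac"] = (m.group(1), m.group(2))
        elif line.startswith("Note: Host seems down"):  # the case the -PN post describes
            result["seems_down"] = True
        elif m := DONE_RE.match(line):
            result["addresses_scanned"] = int(m.group(1))
            if int(m.group(2)) != len(result["hosts_up"]):
                raise ValueError("summary host count does not match parsed hosts")
    return result
```

A mismatch between the "hosts up" count in the summary and the hosts actually listed usually means the capture was truncated, which is worth catching before the result is trusted.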