Nmap and Network Scanning
1. Fundamentals of Network Communication
2. Introduction to Network Scanning
3. Nmap Fundamentals
4. Host Discovery
5. Core Port Scanning Techniques
6. Service and Version Detection
7. Operating System Detection
8. Advanced Scanning Techniques
9. Timing and Performance Optimization
10. Firewall and IDS Evasion
11. Nmap Scripting Engine (NSE)
12. Output Formats and Analysis
13. Practical Scanning Scenarios
14. Defensive Countermeasures
Host Discovery
Purpose of Host Discovery
Identifying Live Hosts
Network Reconnaissance
Reducing Scan Scope
Network Mapping
Topology Discovery
Host Enumeration
Disabling Port Scans (-sn)
Ping Scan Only
When to Use Host Discovery Only
Large Network Surveys
Initial Reconnaissance
Host Discovery Techniques
ICMP Echo Request (-PE)
Traditional Ping
Firewall Considerations
ICMP Timestamp Request (-PP)
Alternative ICMP Method
Bypassing Echo Blocks
ICMP Address Mask Request (-PM)
Legacy ICMP Method
Limited Modern Use
TCP SYN Ping (-PS)
TCP-Based Discovery
Specifying Ports for SYN Ping
Default Ports
Custom Port Selection
Firewall Evasion
TCP ACK Ping (-PA)
Stateful Firewall Bypass
Specifying Ports for ACK Ping
Common Open Ports
Service-Specific Ports
UDP Ping (-PU)
UDP-Based Discovery
Specifying Ports for UDP Ping
Closed Port Strategy
Service Port Targeting
SCTP INIT Ping (-PY)
SCTP Protocol Discovery
Specialized Use Cases
ARP Ping (-PR)
Local Network Discovery
ARP vs IP-based Discovery
Layer 2 vs Layer 3
Local Subnet Efficiency
IPv6 Discovery
ICMPv6 Neighbor Discovery
IPv6 Multicast Ping
Disabling Host Discovery (-Pn)
Assume All Hosts Are Up
Rationale for Skipping Discovery
Heavily Filtered Networks
Known Live Hosts
Risks and Use Cases
Increased Scan Time
False Positive Reduction
Custom Discovery Combinations
Multiple Discovery Methods
Discovery Method Selection
Performance Optimization