
Nmap Ping Sweep: Home Lab Network Ping Scan

Explore network security with our comprehensive guide on Nmap ping sweeps. Uncover live hosts, scan ports, and secure your network

Nmap is a very well-known command-line tool that can do many different things. It can help you map out a network and discover what hosts are on it. We will look at the Nmap ping sweep and see how we can use it as a network vulnerability ping scan for host discovery and for finding vulnerabilities.

What is Nmap and the Nmap Ping Sweep?

Nmap is a network scanning tool that lets you see the hosts on your network, and not just see them, but identify what they are. It is really good for cybersecurity, troubleshooting, and investigating networking issues. It stands for Network Mapper, and this is exactly what it does. It can map out ports, and the applications that use those ports, when it scans the network.

nmap ping scan tool

It scans using different techniques and discovery methods, but doesn’t just use the TCP scanning that many tools use. It can use SYN, UDP raw, ICMP, and other types of ping scans to discover hosts on the network.

You can easily install the tool across multiple operating systems. Below, I am installing it in Windows.

Installing Nmap in Windows

After installation, you can run the nmap command to see the available options.

Running the Nmap command

Ping Sweep and Host Discovery

Ping sweep, an essential method of host discovery, primarily involves sending ICMP echo requests to IP addresses within a specified range. When these echo requests receive a reply, it signifies the presence of an active host in the network. However, you can also utilize ICMP timestamp requests, enhancing the depth of your network analysis.

Host discovery, coupled with a ping sweep, gives a comprehensive view of the active hosts in your network. Nmap sends these requests efficiently, even under strict firewalls, allowing you to manage your network better.

Nmap command examples

Navigating the Nmap command line requires a solid understanding of the potential commands and their impacts on the target network. Here, we’ll look at some examples of Nmap ping sweep commands, demonstrating the diversity and power of this tool.

Basic Ping Sweep:

The simplest form of an Nmap ping sweep uses the following command: nmap -sn 192.168.1.1/24. This command will discover live hosts in the network range from 192.168.1.1 to 192.168.1.255.

Discovering live hosts in a network range

Disabling DNS Resolution:

If you’d like to perform a ping sweep without DNS resolution, use the -n flag, which skips the reverse-DNS lookup stage of the scan. An example would be:

nmap -sn -n 192.168.1.1/24

This command is beneficial when you want a faster scan by skipping the DNS resolution stage.

Ping sweep without DNS resolution

Ping Sweep with Port Scan:

You can combine a ping sweep with a simple port scan. Use the following command:

nmap -p 80 192.168.1.1/24

This command will perform a ping sweep and then scan for the availability of port 80 (typically used for HTTP traffic) on all live hosts.
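The two commands above produce human-readable output that is awkward to feed into other tooling. The following script is an added example, not code from the original article or from the Nmap project: it wraps the ping sweep (nmap -sn -n) and the sweep-plus-port-scan (nmap -p PORT) with Nmap's grepable output option (-oG -) and parses that output into plain "live host" and "host port" lists. The function names, the sample grepable lines, and the 192.168.1.x addresses are constructed for the demo; nmap itself is only required by sweep() and sweep_port(), the parsers run on saved output.

```shell
#!/bin/sh
# Added example (not from the original article or from Nmap): wrappers for the
# ping sweep and the sweep-plus-port-scan, plus parsers for Nmap's grepable
# output (-oG -). sample_grepable() is a constructed sample so the parsers
# can be exercised offline without running nmap.

# Print one IP per line for every host Nmap reports as "Status: Up".
# In grepable output the address is the second whitespace-separated field.
live_hosts_from_grepable() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "ip port" for every port listed as open on a "Ports:" line.
# Entries look like "80/open/tcp//http///" and are separated by ", ".
open_ports_from_grepable() {
    awk '/^Host:/ && /Ports:/ {
        ip = $2
        split($0, halves, "Ports: ")
        n = split(halves[2], entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], p, "/")
            if (p[2] == "open") print ip, p[1]
        }
    }'
}

# Ping sweep without DNS resolution (the article's nmap -sn -n), as a host list.
# Usage: sweep 192.168.1.1/24
sweep() {
    nmap -sn -n -oG - "$1" | live_hosts_from_grepable
}

# Ping sweep plus a single-port scan; lists the live hosts with that port open.
# Usage: sweep_port 192.168.1.1/24 80
sweep_port() {
    nmap -n -p "$2" -oG - "$1" | open_ports_from_grepable
}

# Constructed grepable output (not real scan data) in the shape nmap -oG emits:
# one "Status: Up" line per live host and one "Ports:" line per scanned host.
sample_grepable() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: closed (0)\n'
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 80/filtered/tcp//http///\n'
    printf '# Nmap done (constructed sample)\n'
}

echo "live hosts in sample:"
sample_grepable | live_hosts_from_grepable
echo "hosts with an open port in sample:"
sample_grepable | open_ports_from_grepable
```

Against the constructed sample the host list is 192.168.1.1, 192.168.1.10 and 192.168.1.20, and only 192.168.1.10 shows port 80 open; the filtered port on 192.168.1.20 is deliberately left out, since "filtered" only tells you a firewall sat in the path. To use the wrappers on a real range, call sweep or sweep_port with the same arguments you would give nmap.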

Discovering open network ports with Nmap ping sweep

Using TCP SYN for Ping Sweep:

Strict firewalls may drop ICMP packets, limiting the effectiveness of the traditional ICMP-based ping sweep. However, Nmap also supports TCP SYN-based ping sweeps. The ICMP standards (RFC 792 and RFC 950) also define ICMP timestamp request, information request, and address mask request packets as ICMP types 13, 15, and 17, respectively.

The following command performs a TCP SYN ping sweep:

nmap -PS 192.168.1.1/24
TCP SYN Nmap ping sweep

This command is handy when ICMP packets are filtered by the network’s firewall.

Using TCP ACK for Ping Sweep:

Similarly to the TCP SYN ping sweep, you can use TCP ACK packets for ping sweeps, especially when dealing with strict firewalls that block ICMP and SYN packets. The following command performs a TCP ACK ping sweep:

nmap -PA 192.168.1.1/24
TCP ACK Nmap ping sweep

Ping Sweep using ICMP Timestamp Requests:

In addition to the typical ICMP echo request, you can use an ICMP timestamp request for ping sweeps. Use the following command:

nmap -PP 192.168.1.1/24
Nmap ping sweep using ICMP timestamp requests

This command adds another layer to the scanning process, especially when dealing with hosts that respond differently to various types of ICMP requests.

Remember, while these examples use a specific range of IP addresses, the same principles can be applied to larger IP ranges, entire networks, or even single IP addresses.
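Every probe type covered above (ICMP echo, ICMP timestamp, TCP SYN, TCP ACK) also shows up on the receiving side, and a sweep has a simple signature: one source touching many destinations in a short span. The script below is an added example, not code from the original article or from Nmap, showing how a defender can spot that pattern in iptables/nftables-style "kernel:" log lines. The function names, the sample log lines, and the threshold of 5 distinct destinations are constructed assumptions for the demo; tune the threshold for your own network.

```shell
#!/bin/sh
# Added example (not from the original article or from Nmap): detect a ping
# sweep in firewall log lines by counting, per source address, how many
# distinct destinations it probed, and tag the probe kinds seen
# (ICMP type 8 = echo request, 13 = timestamp request, TCP SYN, TCP ACK).
# sample_fw_log() is constructed data; the threshold is an assumption.

# Usage: sweep_sources THRESHOLD < logfile
# Output: "SRC distinct_destinations probe_kinds" for each source at or above
# THRESHOLD, sorted by source address.
sweep_sources() {
    awk -v t="$1" '
    {
        src = ""; dst = ""; proto = ""; icmptype = ""; flag = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src = substr($i, 5)
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^TYPE=/)  icmptype = substr($i, 6)
            else if (($i == "SYN" || $i == "ACK") && flag == "") flag = $i
        }
        if (src == "" || dst == "") next   # not a packet log line
        kind = proto
        if (proto == "ICMP") kind = "ICMP" icmptype
        else if (proto == "TCP" && flag != "") kind = "TCP-" flag
        # count each (src, dst) pair once, however many packets were logged
        if (!((src, dst) in seen)) { seen[src, dst] = 1; targets[src]++ }
        # remember the probe kinds per source in first-seen order
        if (!((src, kind) in kinds)) {
            kinds[src, kind] = 1
            kindlist[src] = (kindlist[src] == "" ? kind : (kindlist[src] "," kind))
        }
    }
    END {
        for (s in targets)
            if (targets[s] >= t) print s, targets[s], kindlist[s]
    }' | sort
}

# Constructed firewall log lines (not captured traffic): 192.168.1.50 probes
# six hosts using echo, timestamp, SYN and ACK packets, while 192.168.1.7
# only pings the gateway twice and should not be reported.
sample_fw_log() {
    p='Jan 10 12:00:01 fw kernel: IN=eth0 OUT= MAC=00:00:00:00:00:00'
    echo "$p SRC=192.168.1.50 DST=192.168.1.1 LEN=28 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1"
    echo "$p SRC=192.168.1.50 DST=192.168.1.2 LEN=28 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=2"
    echo "$p SRC=192.168.1.50 DST=192.168.1.3 LEN=28 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3"
    echo "$p SRC=192.168.1.50 DST=192.168.1.4 LEN=40 PROTO=ICMP TYPE=13 CODE=0 ID=1 SEQ=4"
    echo "$p SRC=192.168.1.50 DST=192.168.1.5 LEN=44 PROTO=TCP SPT=40123 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0"
    echo "$p SRC=192.168.1.50 DST=192.168.1.6 LEN=40 PROTO=TCP SPT=40124 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0"
    echo "$p SRC=192.168.1.7 DST=192.168.1.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1"
    echo "$p SRC=192.168.1.7 DST=192.168.1.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2"
}

sample_fw_log | sweep_sources 5
```

On the constructed sample the only line reported is for 192.168.1.50, with 6 distinct destinations and the kinds ICMP8,ICMP13,TCP-SYN,TCP-ACK, which matches the sweep variants the commands above would generate. Counting (source, destination) pairs rather than packets keeps a chatty but legitimate host, such as one pinging the gateway repeatedly, from tripping the threshold.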

Wrapping up

If you want a single network command-line tool that can do just about anything you need, nmap is that all-in-one Swiss Army knife. You can use it to map networks, and the main thing I really like to do with it, most of the time, is discover what an unknown IP actually is. It does this well with its operating system detection.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
