host-discovery

The Host Discovery is used to Identify the Live Hosts in the Network

1 Ping Sweep (ICMP Echo Request)

ping -c 1 [ip]

fping -a -g 192.168.12.3/24

hping3 -S -p 80 192.168.12.3

• hping3 command used to check the Live Hosts

• Ping with TCP(SYN)

• it sends the TCP SYN packet to port 80 to check if the hosts is up (Alternative of ICMP Ping)

hping3 -1 192.168.12.3

• this used ICMP method

2 Nmap Host Discovery

Basic

nmap -sn 192.168.12.3/24

No Ping ARP Only

nmap -sn -PR 192.168.12.3/24

ICMP Only

nmap -PE -sn 192.168.12.3/24

TCP SYN

nmap -PS80,443, -sn 192.168.12.3/24

UDP

nmap -PU53,123, -sn 192.168.12.3/24

3 ARP SCAN (Local Network)

arp-scan -l

3 Netdiscover (ARP-Based)

netdiscover -r 192.168.12.3/24

4 Masscan (Fast Discovery)

masscan 192.168.12.3/24 -p0-65535 --rate=10000

Notes to keep in mind

• Use ARP-Based method on LAN (Bypassed Firewalls)

• ICMP Can be blocked by firewalls

• Use sudo for full nmap/ARP capabilities

• hping3 can b used for host discovery if the ICMP is blocked

• hping3 bypass and used stealthy packets