This is the second part of Four types of nmap scans every beginner should know; you can read the first part here. I discussed the TCP and TCP connect scans in that post, so if you have not read it yet, go and read it first.
Ping scan is a basic scan that you can perform even without nmap, i.e. from the default terminal on Linux or Unix-based systems and from cmd on Microsoft Windows systems.
This scan only tells you whether the target is up or down. It just sends an ICMP echo request; if the system is up and running it gets a reply, an ICMP echo reply, and if the system is down it gets no reply at all.
The syntax for a ping scan:
nmap -sP [IP address]
Example: nmap -sP 192.168.1.1
- No privileges are needed; you can run it from any user account
- Takes very little time because it does not scan any ports, only the up/down status of the target
- Gives very little information
- Most servers block ping requests
UDP is a very important protocol because streaming protocols use UDP to communicate. UDP scan is the only scan that identifies the UDP ports of the target. Because UDP has no handshake, nmap has some difficulty telling closed and filtered ports apart.
nmap -sU [IP address]
Example: nmap -sU 192.168.1.1
Open port: When nmap tries to connect to an open UDP port it will get an ICMP reply from the target if there is two-way traffic, but with one-way traffic it gets no reply, which makes it somewhat difficult for nmap to identify the port.
Closed and filtered port: When nmap tries to connect to a closed or filtered port it will get an ICMP reply saying the port is not available, but if the port is filtered it gets no reply at all, which again makes it difficult for nmap to identify.
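To make the open/closed/filtered reasoning above concrete, here is an added example (not code from the original post or from nmap itself) that applies nmap's documented UDP port-state rules to a handful of constructed probe outcomes; the port numbers, the DNS-like payload and the ICMP header bytes are all made up for illustration.

```python
import struct
from typing import Optional, Tuple

# nmap's documented UDP state rules:
#   a UDP payload comes back                -> open
#   ICMP type 3 code 3 (port unreachable)   -> closed
#   ICMP type 3 code 1, 2, 9, 10 or 13      -> filtered
#   nothing comes back at all               -> open|filtered (ambiguous)
ICMP_DEST_UNREACH = 3
PORT_UNREACHABLE = 3
FILTERED_CODES = {1, 2, 9, 10, 13}


def parse_icmp(packet: bytes) -> Optional[Tuple[int, int]]:
    """Return (type, code) from a raw ICMP message, or None if it is too short."""
    if len(packet) < 8:
        return None
    icmp_type, icmp_code = struct.unpack("!BB", packet[:2])
    return icmp_type, icmp_code


def classify_udp_port(udp_reply: Optional[bytes], icmp_reply: Optional[bytes]) -> str:
    """Map the outcome of one UDP probe onto the nmap port state it would report."""
    if udp_reply is not None:            # the service answered: definitely open
        return "open"
    if icmp_reply is None:               # silence: open service or dropped by a filter
        return "open|filtered"
    parsed = parse_icmp(icmp_reply)
    if parsed is None:
        return "open|filtered"
    icmp_type, icmp_code = parsed
    if icmp_type == ICMP_DEST_UNREACH and icmp_code == PORT_UNREACHABLE:
        return "closed"
    if icmp_type == ICMP_DEST_UNREACH and icmp_code in FILTERED_CODES:
        return "filtered"
    return "open|filtered"               # any other ICMP error leaves the state ambiguous


def icmp_unreachable(code: int) -> bytes:
    """Build a constructed 8-byte ICMP Destination Unreachable header (checksum left zero)."""
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, code, 0, 0, 0)


# Constructed probe outcomes (udp_reply, icmp_reply), one per nmap state
SAMPLE_PROBES = {
    53: (b"\x12\x34\x81\x80", None),       # a DNS-like answer came back -> open
    161: (None, None),                      # silent port                 -> open|filtered
    9999: (None, icmp_unreachable(3)),      # port unreachable            -> closed
    500: (None, icmp_unreachable(13)),      # admin prohibited            -> filtered
}


def scan_report(probes=SAMPLE_PROBES) -> dict:
    """Classify every probe outcome and return {port: state}."""
    return {port: classify_udp_port(*outcome) for port, outcome in probes.items()}


if __name__ == "__main__":
    for port, state in scan_report().items():
        print(f"{port}/udp  {state}")
```

Seeing the "open|filtered" verdict come from exactly the silent cases is what the two paragraphs above mean by nmap finding these ports difficult to identify.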
- It is the only scan that identifies UDP ports
- Results are not accurate