🔍 Nmap Live Host Discovery – Key Points

• Goal of Host Discovery:
  • Identify which systems are up on a network before performing port scans.
  • Avoid wasting time/creating noise by scanning offline hosts.
• Nmap Overview:
  • Created by Gordon Lyon (Fyodor) in 1997.
  • Open-source under GPL license.
  • Industry-standard tool for:
    • Mapping networks
    • Discovering live hosts
    • Identifying running services
    • Exploiting vulnerabilities (via scripting engine)
• Host Discovery Techniques:
  • ARP Scan
    • Uses Address Resolution Protocol
    • Most effective on local networks (Layer 2)
  • ICMP Scan
    • Sends Echo Requests (Ping)
    • Detects hosts based on ICMP replies
  • TCP/UDP Ping Scan
    • Sends probes to TCP/UDP ports
    • Host replies or resets indicate it's alive
• Other Scanning Tools:
  • arp-scan
    • Specialized for ARP discovery
    • Often faster/more targeted than Nmap for LANs
  • masscan
    • High-speed scanner
    • Useful for wide-area discovery (Internet-scale)
• Why Host Discovery Matters:
  • Reduces scan time
  • Minimizes detection risk
  • Optimizes resource usage
• Scan Workflow (Simplified):
  • Host Discovery → Port Scanning → Service Detection → OS Fingerprinting → (Optional) NSE Scripts.