- Nmap 6:Network exploration and security auditing Cookbook
- Paulino Calderon Pale
- 323字
- 2021-08-05 18:31:05
Discovering hosts with UDP ping scans
Ping scans are used to determine if a host is responding and can be considered online. UDP ping scans have the advantage of being capable of detecting systems behind firewalls with strict TCP filtering leaving the UDP traffic forgotten.
This next recipe describes how to perform a UDP ping scan with Nmap and its related options.
How to do it...
Open a terminal and type the following command:
# nmap -sP -PU <target>
Nmap will determine if <target> is reachable by using this technique.
# nmap -sP -PU scanme.nmap.org Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.089s latency). Nmap done: 1 IP address (1 host up) scanned in 13.25 seconds
How it works...
The technique used by a UDP ping scan works as follows:
- Nmap sends an empty UDP packet to ports 31 and 338
- If the host is responding, it should return an ICMP port unreachable error
- If the host is offline, various ICMP error messages could be returned
There's more...
Services that do not respond to empty UDP packets will generate false positives when probed. These services will simply ignore the UDP packets, and the host will be incorrectly marked as offline. Therefore, it is important that we select ports that are likely to be closed.
See also
- The Finding live hosts in your network recipe in Chapter 1, Nmap Fundamentals
- The Discovering hosts with TCP SYN ping scans recipe
- The Discovering hosts with TCP ACK ping scans recipe
- The Discovering hosts with ICMP ping scans recipe
- The Discovering hosts with IP protocol ping scans recipe
- The Discovering hosts with ARP ping scans recipe
- The Discovering hosts using broadcast pings recipe
- The Discovering stateful firewalls by using a TCP ACK scan recipe in Chapter 3, Gathering Additional Host Information