- An nmap ping confirms the existance of a target system.
- An nmap ping does not (necessarily) refer to an ICMP Echo request
- Nmap wont scan a target unless it can get a response.
You can disable ping requirement with -P0
Disabling will always delay if a scan involves many stations and some are not on the network
Ping to local subnet
ARP, or Address Resolution Protocol is used each time you communicate to a new device on your local IP subnet. thats because ethernet or wireless ethernet dont communicate via TCP/IP, instead ethernet use Media Access Control or MAC to send and recieve recieves packets accross the network. This allows ethernet to send/recieve many different kinds of protocol over the wire, such as IPX, NetBios.
in the above example i have used -v option for detailed output
You will see nmap automatically chooses ARP ping because the device is on local ip subnet.
Although you can specify other ping types on the command line, nmap will ignore other types because the destination station is local.
Ping to Remote Subnet
ICMP is the default ping method to remote subnet. Most firewalls will have ICMP blocked, then you can use TCP ACK Ping
TCP ACK ping can be customized by port number.
TCP ACK ping requires to have root or admin privilage, otherwise silently it will change TCP ACK ping to TCP Connect().
Other ping method is TCP SYN ping, which is very similaryt o TCP SYN Scan.
example of TCP SYN ping
nmap -v -PS 202.1.192.196
UDP ping
If ICMP and TCP pings are not working well you can use UDP ping
nmap -v -PU 202.1.192.196
