Hi. We started with Nmap target specification; now we continue with the host discovery options. Host discovery means detecting hosts on the same or a remote network. Generally we send a packet to the target host and then either get a response or not, but sometimes we just listen and receive packets from hosts. We decide the host's status according to the response, if we get one. There are several different ways to send packets. Nmap's default host discovery action (if no option is given) is an ICMP echo and timestamp request, a SYN to TCP 443 (HTTPS) and an ACK to TCP 80 (HTTP).
ARP Scan
The -PR option is used for ARP inspection, so it just sends ARP requests. In the second block we see the target host's network dump. The -sn option disables the port scan.
$ nmap -PR -sn u1
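As an added example (not code from the original post), here is a small Python parser for Nmap's grepable output (-oG) that lists which hosts a sweep marked Up, and which hosts answered the ARP sweep but not the default ICMP/SYN/ACK probes. The two scan outputs are constructed samples, not real scan data.

```python
import re
from typing import Dict, List

# Constructed sample of `nmap -sn -PR -oG - 192.168.122.0/24` (ARP ping sweep).
ARP_SWEEP = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sn -PR -oG - 192.168.122.0/24
Host: 192.168.122.1 ()\tStatus: Up
Host: 192.168.122.10 (u1)\tStatus: Up
Host: 192.168.122.55 ()\tStatus: Up
# Nmap done at Mon Jan  1 12:00:02 2024 -- 256 IP addresses (3 hosts up) scanned in 2.10 seconds
"""

# Constructed sample of a sweep using the default discovery probes (ICMP echo and
# timestamp, SYN to 443, ACK to 80); in this scenario 192.168.122.55 drops all of them.
DEFAULT_SWEEP = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:05:00 2024 as: nmap -sn -oG - 192.168.122.0/24
Host: 192.168.122.1 ()\tStatus: Up
Host: 192.168.122.10 (u1)\tStatus: Up
# Nmap done at Mon Jan  1 12:05:03 2024 -- 256 IP addresses (2 hosts up) scanned in 3.40 seconds
"""

# Grepable host line: "Host: <ip> (<reverse-dns>)<tab>Status: <Up|Down>"
HOST_LINE = re.compile(
    r"^Host:\s+(?P<ip>\S+)\s+\((?P<name>[^)]*)\)\s+Status:\s+(?P<status>\w+)"
)


def parse_grepable(text: str) -> Dict[str, dict]:
    """Map each IP in a -oG output to its reverse-DNS name and status."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        if line.startswith("#"):  # header/footer comment lines
            continue
        m = HOST_LINE.match(line)
        if m:
            hosts[m["ip"]] = {"name": m["name"], "status": m["status"]}
    return hosts


def hosts_up(text: str) -> List[str]:
    """Sorted IPs the sweep marked as Up."""
    return sorted(ip for ip, h in parse_grepable(text).items() if h["status"] == "Up")


def arp_only_hosts(arp_text: str, default_text: str) -> List[str]:
    """Hosts present on the LAN (answered ARP) that the default probes missed."""
    return sorted(set(hosts_up(arp_text)) - set(hosts_up(default_text)))


if __name__ == "__main__":
    print("Up via ARP:", hosts_up(ARP_SWEEP))
    print("Missed by default probes:", arp_only_hosts(ARP_SWEEP, DEFAULT_SWEEP))
```

Feed it real output with `nmap -sn -PR -oG - <network>` to inventory hosts that filter ICMP but still answer ARP on the local segment.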
List Scan
The list scan is a passive scan, so we do not send packets to the network; we just listen. As you can see in the output, one host is actually up, but the scan shows no one as up.
$ nmap -sL 192.168.122.0/24
No Ping Scan
The no ping scan disables the ping stage of the scan. Normally a scan starts with a ping to find live hosts and then starts the heavy port scan against those live hosts. But if you set these options it st