Discover hosts with a TCP SYN ping scan

Many network administrators today block ICMP ping messages, so the ordinary Nmap ping sweep which uses ICMP will not be able to determine if the host is offline or just blocking ICMP messages. However, Nmap also supports a scanning technique called TCP SYN ping scan, which sends a SYN request at a given port on the target host. If the port is open, the target host responds with a TCP SYN/ACK packet indicating that a connection can be established.

The flag -PS is used to perform a TCP SYN ping scan. You also need to specify a target port. Here is an example:

root@kali:~# nmap -sP -PS21 192.168.5.102
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-04 19:16 CET
Nmap scan report for 192.168.5.102
Host is up (0.0014s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.01 seconds

In the example above we’ve instructed Nmap to send a TCP SYN packet to the port 21 on the target. The option -sP tells Nmap to perform a ping scan only.

Discover if a host is online
Disable ping sweep

Discover hosts with a TCP SYN ping scan

Nmap tutorial