Scanning host devices with ICMP disabled

When Nmap is about to scan a host, it first sends a ping packet to determine whether the target is alive. If the target does not respond, Nmap will not attempt the scan. However, system administration and cybersecurity professionals usually disable Internet Control Message Protocol (ICMP) responses on servers. Not receiving an ICMP echo reply from a target would normally indicate that the target device is down or offline; disabling the responses is meant to trick a novice hacker into thinking the host is simply not available. Using the -Pn option during an Nmap scan skips the host discovery phase and treats the target as online.

The following is an example:

nmap -Pn 10.10.10.100
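As an added example (not from the original text), the script below shows what blocking ICMP does and does not hide: it compares a ping sweep with a -Pn scan of the same range and lists hosts that stayed silent during discovery but still expose open ports. The grepable (-oG) sample output, the /24 range, the addresses other than 10.10.10.100 and the function names are constructed for illustration.

```python
import re

# Constructed sample: grepable output of a ping sweep (nmap -sn -oG -).
# Only 10.10.10.1 answered host discovery.
PING_SWEEP = (
    "# Nmap scan initiated as: nmap -sn -oG - 10.10.10.0/24\n"
    "Host: 10.10.10.1 ()\tStatus: Up\n"
)

# Constructed sample: the same range scanned with -Pn. Every target is
# reported as Up because discovery was skipped, so only the port states
# say anything about the host.
NO_PING_SCAN = (
    "# Nmap scan initiated as: nmap -Pn -oG - 10.10.10.0/24\n"
    "Host: 10.10.10.1 ()\tStatus: Up\n"
    "Host: 10.10.10.1 ()\tPorts: 22/open/tcp//ssh///\n"
    "Host: 10.10.10.100 ()\tStatus: Up\n"
    "Host: 10.10.10.100 ()\tPorts: 25/filtered/tcp//smtp///, "
    "80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 10.10.10.101 ()\tStatus: Up\n"
    "Host: 10.10.10.101 ()\tPorts: 80/filtered/tcp//http///\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\t(.*)$", re.M)

def hosts_up(grepable):
    """IPs that the scan reported with 'Status: Up'."""
    return {ip for ip, rest in HOST_RE.findall(grepable) if "Status: Up" in rest}

def open_ports(grepable):
    """Map each IP to its open ports, e.g. {'10.10.10.100': ['80/tcp']}."""
    result = {}
    for ip, rest in HOST_RE.findall(grepable):
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                port, state, proto = entry.split("/")[:3]
                if state == "open":
                    result.setdefault(ip, []).append(f"{port}/{proto}")
    return result

def hidden_but_exposed(ping_sweep, no_ping_scan):
    """Hosts that stayed silent in the ping sweep yet have open ports."""
    answered = hosts_up(ping_sweep)
    return {ip: ports for ip, ports in open_ports(no_ping_scan).items()
            if ip not in answered}

print(hidden_but_exposed(PING_SWEEP, NO_PING_SCAN))
```

Any host this reports is one where the ICMP block only hides it from a default ping sweep; its listening services still need their own filtering and hardening.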

During a penetration test, if you are not able to discover live hosts on the network, don't be overly concerned, as network security professionals tend to apply security controls to their end devices and networks. Nmap can detect hidden systems, bypassing firewalls and network sniffers, to find security vulnerabilities on a host.

When performing a scan, there's a high possibility that the target will know a port scan is being done by an attacker or a penetration tester. In the next section, we will describe how to perform a stealth scan using Nmap.
