During an internal assessment, every probe in a standard Nmap ping scan (-PE -PA -PP) is being dropped by a host-based firewall that filters all incoming IP traffic. Because you are plugged into the same IPv4 broadcast domain as the targets, which Nmap host-discovery option will still allow you to identify live systems on that segment?
Conduct a TCP SYN ping to port 443 with -PS 443
Use an IP protocol 1 probe with -PO 1
Send ARP requests with the -PR host-discovery option
On a local Ethernet network you can bypass host firewalls completely by sending Address Resolution Protocol (ARP) requests. ARP operates at Layer 2, so the target's IP stack-and any filtering rules it enforces-never see the packet. In Nmap, the -PR flag tells the scanner to perform ARP discovery, which continues to obtain responses even when ICMP, TCP, UDP, or IP protocol probes (-PE, -PA, -PP, -PO, -PS, -PU) are blocked. UDP pings, IP protocol pings, or TCP SYN pings still rely on Layer 3/4 processing and will be filtered by the firewall in the scenario, making them ineffective for dependable host discovery here.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between ARP and ICMP in network scanning?
Open an interactive chat with Bash
Why does the -PR option in Nmap bypass firewalls effectively?
Open an interactive chat with Bash
What are the limitations of using ARP-based host discovery in Nmap?
Open an interactive chat with Bash
What is ARP and how does it function?
Open an interactive chat with Bash
Why does using the -PR option in Nmap bypass firewalls during host discovery?
Open an interactive chat with Bash
How does the -PE, -PA, and -PP host-discovery options differ from ARP requests?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .