Real-Time Nmap & Wireshark Scan

Today, I tested basic port scanning techniques in a real network environment using Nmap and Wireshark. My goal was to scan my host laptop's open ports from another system on the same network and understand what happens behind the scenes.

Step 1: Ping the Target Host

ping 192.168.0.106

๐Ÿ”ธ Goal: Check if the target host (my other laptop) is reachable.
๐Ÿ”ธ Issue: No response received from the IP.
๐Ÿ”ธ Reason: ICMP Echo Requests (ping) were likely blocked by the hostโ€™s firewall or OS settings.
๐Ÿ”ธ Wireshark Insight: I could see ICMP Echo Request packets being sent from my system, but no Echo Reply was received from the target. This confirmed that the host was dropping or ignoring pings.

Step 2: Scan Port 22 with Nmap

nmap -p 22 192.168.0.106

๐Ÿ”ธ Goal: Scan port 22 (commonly used by SSH) to check if it's open.
๐Ÿ”ธ Issue: Nmap returned the message โ€œHost seems down.โ€
๐Ÿ”ธ Reason: Because the earlier ping failed, Nmap assumed the host was offline and skipped scanning port 22 entirely.
๐Ÿ”ธ Wireshark Insight: Instead of scanning port 22, Nmap sent a few TCP SYN packets to common ports like 80 (HTTP) and 443 (HTTPS) as part of its host discovery phase โ€” but received no replies.

Step 3: Force the Scan with -Pn

nmap -Pn -p 22 192.168.0.106

๐Ÿ”ธ Goal: Force Nmap to assume the host is online and proceed with scanning.
๐Ÿ”ธ Success: This time, Nmap successfully scanned port 22, and the host responded.
๐Ÿ”ธ Wireshark Insight:

  • I observed a TCP SYN packet from the scanner to port 22 on the target.

  • The target replied with a SYN-ACK, indicating the port is open.

  • My machine then sent a RST (Reset) packet to close the connection, which is normal for Nmapโ€™s SYN scan (also known as a half-open scan).

  • This confirmed that port 22 was open, and a service (likely SSH) was listening.

What I Learned:

  • Even basic firewalls can block ping and confuse scanners.

  • nmap -Pn is useful when ping fails but you know the host is alive.

  • Wireshark is powerful for visualizing TCP handshakes and troubleshooting scan failures.

  • SYN scans are stealthy โ€” they detect open ports without full connection.

This small test gave me real-world insight into how port scanning, firewalls, and TCP/IP work together in network security.

Updated on
Networking Utilities
Refrence