In nmap, what does the -Pn option signify?
What is the significance of the -Pn option in nmap? How does it affect a user's nmap scanning?
While going over this topic on the website, I was able to find that -
Nmap, which stands for "Network Mapper," is an open source tool that lets you perform scans on local and remote networks. Nmap is very powerful when it comes to discovering network protocols, scanning open ports, detecting operating systems running on remote machines, etc.
To understand what the -Pn option does, you must know that some hosts respond to pings if they are online (i.e. ping www.google.com and you get a reply). Nmap tries pinging them; if they respond, nmap continues scanning and you get your result. If it gets no response it says 'hmm, they must be down, well, no point wasting time scanning someone who doesn't exist' and exits.
Now some hosts are alive, but configured not to answer pings. Under normal circumstances this means nmap would simply not scan them, thinking they were down. If you specify -Pn, it skips this initial stage of checking if the host is up and basically says 'well, I've been told to scan no matter what, so even if I think it's down* my stupid human operator is making me do it anyway'. It then tries to scan and actually gets results, because in reality the host is alive.
*Saying it thinks it's down is slightly incorrect, as it simply ignores the check in the first place. Summary: skips checking if the host is alive, which may sometimes cause a false positive and stop the scan.
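The following is an added illustration of the behaviour described in the answer above; it is not nmap's own code and not part of the original post. It models nmap's default host-discovery probes for a privileged scan of a non-local target (ICMP echo, TCP SYN to 443, TCP ACK to 80, ICMP timestamp, as documented by nmap) against a constructed network of three cases: a host that answers pings, a host that is alive but drops every unsolicited probe, and an address with nothing behind it. The `Host`, `scan` and `NETWORK` names and the 10.0.0.x addresses are hypothetical.

```python
"""Toy model of nmap's host-discovery stage and what -Pn changes.

Added illustration, not nmap's code.  The network below is constructed:
addresses, open ports and firewall behaviour are made up to show the three
cases that matter when deciding whether to use -Pn.
"""
from dataclasses import dataclass

# Probes nmap documents as its default host discovery when run as root
# against a non-local target.  A reply of any kind (echo reply, SYN/ACK,
# RST, ...) marks the host as up.
DEFAULT_DISCOVERY_PROBES = ("icmp-echo", "tcp-syn/443", "tcp-ack/80", "icmp-timestamp")

PORTS = (22, 80, 443)  # ports the toy port scan checks


@dataclass(frozen=True)
class Host:
    address: str
    open_ports: frozenset
    drops_unsolicited: bool = False  # stateful firewall: only allowed ports answer

    def answers(self, probe: str) -> bool:
        """Would this host send any packet back for a discovery probe?"""
        if not self.drops_unsolicited:
            return True  # unfiltered host: even a closed port answers with RST
        if probe.startswith("tcp-syn/"):
            # A SYN to a port that is really listening still gets a SYN/ACK
            # through the firewall; everything else is silently dropped.
            return int(probe.split("/", 1)[1]) in self.open_ports
        return False

    def port_state(self, port: int) -> str:
        if port in self.open_ports:
            return "open"
        return "filtered" if self.drops_unsolicited else "closed"


# Constructed network (hypothetical addresses); 10.0.0.3 is deliberately absent.
NETWORK = {
    "10.0.0.1": Host("10.0.0.1", frozenset({22, 80})),                      # answers pings
    "10.0.0.2": Host("10.0.0.2", frozenset({22}), drops_unsolicited=True),  # alive, drops pings
}


def scan(network, target, ports, skip_discovery=False):
    """Model one nmap run against `target`.

    skip_discovery=False is the default: run the discovery probes and give up
    on the host if none of them is answered.
    skip_discovery=True is -Pn: assume the host is up and go straight to the
    port scan.
    """
    host = network.get(target)
    if not skip_discovery:
        alive = host is not None and any(host.answers(p) for p in DEFAULT_DISCOVERY_PROBES)
        if not alive:
            # Real nmap prints: "Host seems down. If it is really up, but
            # blocking our ping probes, try -Pn"
            return {"state": "down", "ports": {}}
    if host is None:
        # -Pn against an address with nothing behind it: every port probe
        # times out, so the whole list comes back "filtered" after a long wait.
        return {"state": "up (assumed)", "ports": {p: "filtered" for p in ports}}
    return {"state": "up", "ports": {p: host.port_state(p) for p in ports}}


if __name__ == "__main__":
    for target in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        for pn in (False, True):
            flag = "-Pn " if pn else ""
            print(f"nmap {flag}{target}: {scan(NETWORK, target, PORTS, skip_discovery=pn)}")
```

Running it shows the trade-off the answer describes: 10.0.0.2 is reported down by the default scan but yields `22/tcp open` with -Pn, while 10.0.0.3 with -Pn just burns time and comes back all "filtered". Against real targets, `nmap -sn` runs only the discovery stage so you can see which hosts answer before deciding whether -Pn is worth the extra time.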