Network Scanning 😈

Assume you are an attacker and you are in the network you want to attack. What is your next step?

Martin Thoma
6 min read · Sep 14, 2024
Image created with OpenAI by Martin Thoma

Host Discovery via Ping

First, you want to see who/what else is in the network. To do so, you want to execute a ping to every single address in the network. When you get a response, you know somebody is there:

# Find your network
$ ifconfig | grep "inet 192"
inet 192.168.178.21 netmask 255.255.255.0 broadcast 192.168.178.255

# Execute a ping scan in your local network
$ nmap -sn 192.168.178.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-10 17:56 CEST
Nmap scan report for _gateway (192.168.178.1)
Host is up (0.0042s latency).
Nmap scan report for pc08 (192.168.178.21)
Host is up (0.00031s latency).
Nmap scan report for 192.168.178.26
Host is up (0.046s latency).
Nmap scan report for 192.168.178.34
Host is up (0.057s latency).
Nmap scan report for 192.168.178.39
Host is up (0.021s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.88 seconds

# Using masscan
$ sudo masscan 192.168.178.0/24 --ping
Starting masscan 1.0.5 (http://bit.ly/14GZzcT)
at 2024-09-14 07:30:27 GMT
-- forced options: -sn -n --randomize-hosts -v --send-eth
Initiating ICMP Echo Scan
Scanning 256 hosts
Discovered open port 0/icmp on 192.168.178.1
Discovered open port 0/icmp on…
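From the defender's side, both runs above look the same on the wire: one source sends ICMP echo requests to many distinct addresses within a few seconds. The following script is an added example, not part of the original post; it flags such sources in a constructed flow-log format (the log layout and the presence of a sensor that records ICMP echo requests are assumptions).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow log, one "<ISO timestamp> <src> <dst> <proto>" per line.
# Assumption: a sensor on 192.168.178.0/24 records every ICMP echo request.
SAMPLE_LOG = """\
2024-09-10T17:56:00 192.168.178.21 192.168.178.1 icmp-echo
2024-09-10T17:56:00 192.168.178.21 192.168.178.26 icmp-echo
2024-09-10T17:56:01 192.168.178.21 192.168.178.34 icmp-echo
2024-09-10T17:56:01 192.168.178.21 192.168.178.39 icmp-echo
2024-09-10T17:56:02 192.168.178.21 192.168.178.5 icmp-echo
2024-09-10T17:56:02 192.168.178.21 192.168.178.200 icmp-echo
2024-09-10T17:56:03 192.168.178.21 192.168.178.77 icmp-echo
2024-09-10T17:56:03 192.168.178.21 192.168.178.12 icmp-echo
2024-09-10T17:56:05 192.168.178.39 192.168.178.1 icmp-echo
2024-09-10T17:59:00 192.168.178.39 192.168.178.21 icmp-echo
"""

def parse_log(text):
    """Yield (timestamp, src, dst) for each icmp-echo line; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "icmp-echo":
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def find_ping_sweeps(text, min_targets=8, window=timedelta(seconds=10)):
    """Return {src: distinct_targets} for every source that pinged at least
    min_targets distinct hosts inside some interval no longer than `window`.
    Only the set of destinations counts, so masscan's --randomize-hosts
    (visible in the output above) does not hide the sweep."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_src[src].append((ts, dst))
    sweeps = {}
    for src, hits in by_src.items():
        hits.sort()  # chronological; the sliding window below needs this
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= min_targets:
                sweeps[src] = max(sweeps.get(src, 0), len(targets))
    return sweeps

if __name__ == "__main__":
    for src, n in find_ping_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {n} hosts probed within 10 s")
```

In the sample, 192.168.178.21 reaches eight distinct hosts in three seconds and is reported; 192.168.178.39 pings two hosts three minutes apart and is not.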

Written by Martin Thoma

I'm a Software Engineer with over 10 years of Python experience (Backend/ML/AI). Support me via https://martinthoma.medium.com/membership