Network Scanning
Assume you are an attacker who is already inside the network you want to attack. What is your next step?
6 min read · Sep 14, 2024
Host Discovery via Ping
First, you want to see who or what else is in the network. To do so, you send a ping to every single address in the network. Whenever you get a response, you know somebody is there:
# Find your network
$ ifconfig | grep "inet 192"
inet 192.168.178.21 netmask 255.255.255.0 broadcast 192.168.178.255
# Execute a ping scan in your local network
$ nmap -sn 192.168.178.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-10 17:56 CEST
Nmap scan report for _gateway (192.168.178.1)
Host is up (0.0042s latency).
Nmap scan report for pc08 (192.168.178.21)
Host is up (0.00031s latency).
Nmap scan report for 192.168.178.26
Host is up (0.046s latency).
Nmap scan report for 192.168.178.34
Host is up (0.057s latency).
Nmap scan report for 192.168.178.39
Host is up (0.021s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.88 seconds
# Using masscan
$ sudo masscan 192.168.178.0/24 --ping
Starting masscan 1.0.5 (http://bit.ly/14GZzcT)
at 2024-09-14 07:30:27 GMT
-- forced options: -sn -n --randomize-hosts -v --send-eth
Initiating ICMP Echo Scan
Scanning 256 hosts
Discovered open port 0/icmp on 192.168.178.1
Discovered open port 0/icmp on …
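The same sweep is what a network owner runs to find devices that should not be there. The script below is an added example, not part of the original post or of the nmap/masscan projects: it parses the two output formats shown above (the `Nmap scan report for …` / `Host is up …` pairs and masscan's `Discovered open port 0/icmp on …` lines) into live-host records and diffs them against an inventory of expected hosts. The sample output and the `KNOWN_HOSTS` inventory are constructed for the example. One caveat worth keeping in mind when reading such results: when run as root on the local segment, `nmap -sn` also uses ARP requests, so it will list hosts that silently drop ICMP, whereas `masscan --ping` relies on ICMP echo alone and will miss them.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: the kind of output `nmap -sn 192.168.178.0/24` prints
# (reverse DNS is on by default, so some hosts get a name in front of the IP).
SAMPLE_NMAP_SN = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-10 17:56 CEST
Nmap scan report for _gateway (192.168.178.1)
Host is up (0.0042s latency).
Nmap scan report for pc08 (192.168.178.21)
Host is up (0.00031s latency).
Nmap scan report for 192.168.178.26
Host is up (0.046s latency).
Nmap scan report for 192.168.178.34
Host is up (0.057s latency).
Nmap scan report for 192.168.178.39
Host is up (0.021s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.88 seconds
"""

# Constructed sample of the `masscan --ping` lines (no names, no latency).
SAMPLE_MASSCAN_PING = """\
Discovered open port 0/icmp on 192.168.178.1
Discovered open port 0/icmp on 192.168.178.21
Discovered open port 0/icmp on 192.168.178.39
"""


class LiveHost(NamedTuple):
    ip: str
    hostname: str               # "" when the tool printed only the address
    latency_s: Optional[float]  # None for masscan, which reports no latency


# "Nmap scan report for pc08 (192.168.178.21)"  or  "Nmap scan report for 192.168.178.26"
_NMAP_REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip_paren>[\d.]+)\)|(?P<ip>[\d.]+))$"
)
_NMAP_UP_RE = re.compile(r"^Host is up \((?P<lat>[\d.]+)s latency\)\.$")
_MASSCAN_RE = re.compile(r"^Discovered open port 0/icmp on (?P<ip>[\d.]+)$")


def parse_nmap_sn(text: str) -> List[LiveHost]:
    """Pair each 'scan report' line with the 'Host is up' line that follows it."""
    hosts: List[LiveHost] = []
    pending: Optional[tuple] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _NMAP_REPORT_RE.match(line)
        if m:
            pending = (m.group("ip") or m.group("ip_paren"), m.group("name") or "")
            continue
        m = _NMAP_UP_RE.match(line)
        if m and pending is not None:
            hosts.append(LiveHost(pending[0], pending[1], float(m.group("lat"))))
            pending = None
    return hosts


def parse_masscan_ping(text: str) -> List[LiveHost]:
    """Every 'Discovered open port 0/icmp' line is one host that answered an echo."""
    return [
        LiveHost(m.group("ip"), "", None)
        for m in (_MASSCAN_RE.match(l.strip()) for l in text.splitlines())
        if m
    ]


# Constructed inventory: hosts the network owner expects to answer on this /24.
KNOWN_HOSTS: Dict[str, str] = {
    "192.168.178.1": "router",
    "192.168.178.21": "pc08",
    "192.168.178.26": "printer",
}


def unknown_hosts(live: List[LiveHost], known: Dict[str, str]) -> List[str]:
    """IPs that answered the sweep but are not in the inventory, in scan order."""
    return [h.ip for h in live if h.ip not in known]


def summarize(live: List[LiveHost], known: Dict[str, str]) -> Dict[str, object]:
    return {"live": len(live), "unknown": unknown_hosts(live, known)}


if __name__ == "__main__":
    print("nmap   :", summarize(parse_nmap_sn(SAMPLE_NMAP_SN), KNOWN_HOSTS))
    print("masscan:", summarize(parse_masscan_ping(SAMPLE_MASSCAN_PING), KNOWN_HOSTS))
```

Feeding it real output (`nmap -sn 192.168.178.0/24 > sweep.txt`) turns the sweep into a recurring inventory check; the two hosts the sample flags as unknown are exactly the ones a defender would want to look into, and a host that is in the inventory but missing from the sweep is worth a second look too, since it may simply be filtering ICMP.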