• Fingerprinting and enumeration of nodes on a client's network

  [infrastructure part of information gathering]

• How to determine what hosts are up and running in a given network?

• find a way to know which of these IP addresses are assigned to a node

• ICMP: used to carry diagnostic messages

🟥 Fping:

improved ping

used to perform ping sweeps

fping -a -g 10.54.12.0/24
fping -a -g 10.54.12.0 10.54.12.255

• flags
• On a LAN you can still get "ICMP Host Unreachable" errors so redirect the standard errors to the trash (null)

🟦 Nmap:

use CIDR notation or wildcard notation

nmap -sn -iL hosts.txt

• flags

after getting live hosts, you want to know what you're dealing with....

routers? servers? clients? do OS Fingerprinting

🟨 OS Fingerprinting

• determine the OS used by a host on the network
• this is done by sending a request and analyzing the response we get back.
• the response of different OS's have slightly different stack implementations so we can create a signature and compare it against a database of known OS's
• it's a guesswork