The first step is to run network ping sweeps against a target address space and look for responses that indicate that a particular target is live and capable of responding. Historically, pinging is referred to as the use of ICMP; however, TCP, UDP, ICMP, and ARP traffic can also be used to identify live hosts.
Various scanners can be run from remote locations across the internet to identify live hosts. Although the primary scanner is nmap, Kali provides several other applications that are also useful, as shown in the following table:
Application |
Description |
alive6 and detect-new-ip6 |
This is for IPv6 host detection. detect-new-ip6 runs on a scripted basis and identifies new IPv6 devices when added. |
Dnmap and nmap |
nmap is the standard network enumeration tool. dnmap is a distributed client-server implementation of the nmap scanner. PBNJ stores nmap results in a database, and then conducts historical analyses to identify new hosts. |
fping, hping2, hping3, and nping |
These are packet crafters that respond to targets in various ways to identify live hosts. |
To the penetration tester or attacker, the data returned from live host discovery will identify the targets for attack.