Live host discovery

The first step is to run network ping sweeps against a target address space and look for responses that indicate that a particular target is live and capable of responding. Historically, pinging referred to the use of ICMP; however, TCP, UDP, ICMP, and ARP traffic can all be used to identify live hosts.

Various scanners can be run from remote locations across the internet to identify live hosts. Although the primary scanner is nmap, Kali provides several other applications that are also useful, as shown in the following table:

| Application | Description |
| --- | --- |
| alive6 and detect-new-ip6 | This is for IPv6 host detection. detect-new-ip6 runs on a scripted basis and identifies new IPv6 devices when added. |
| dnmap and nmap | nmap is the standard network enumeration tool. dnmap is a distributed client-server implementation of the nmap scanner. PBNJ stores nmap results in a database, and then conducts historical analyses to identify new hosts. |
| fping, hping2, hping3, and nping | These are packet crafters that probe targets in various ways to identify live hosts. |

To the penetration tester or attacker, the data returned from live host discovery will identify the targets for attack.

Run multiple host discovery scans while conducting a penetration test. Certain devices may be time dependent. During one penetration test, it was discovered that the system administrator set up a game server after regular business hours. Because it was not an approved business system, the administrator didn't follow the normal process for securing the server; multiple vulnerable services were present, and it hadn't received necessary security patches. Testers were able to compromise the game server and gain access to the underlying corporate network using vulnerabilities in the administrator's game server.
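
The repeated-scan advice above and the historical comparison that the table attributes to PBNJ can be approximated by diffing two ping sweeps. This is an added example, not code from the book or from PBNJ: it parses nmap grepable (`-oG`) output from two sweeps and lists hosts that appeared or stopped responding. The sample scan text, addresses, and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: grepable output (nmap -sn -v -oG -) from two ping
# sweeps of the same range, using RFC 5737 documentation addresses.
SCAN_BUSINESS_HOURS = (
    "# Nmap scan initiated as: nmap -sn -v -oG - 192.0.2.0/28\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.5 ()\tStatus: Up\n"
    "Host: 192.0.2.9 (print.example.test)\tStatus: Up\n"
    "Host: 192.0.2.12 ()\tStatus: Down\n"
)
SCAN_AFTER_HOURS = (
    "# Nmap scan initiated as: nmap -sn -v -oG - 192.0.2.0/28\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.5 ()\tStatus: Up\n"
    "Host: 192.0.2.9 (print.example.test)\tStatus: Down\n"
    "Host: 192.0.2.12 ()\tStatus: Up\n"
)

# Matches the per-host status line of grepable output.
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Status:\s+(\w+)")


def parse_live_hosts(grepable_text):
    """Return {ip: hostname} for every host reported as Up."""
    live = {}
    for line in grepable_text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines and port-detail lines are skipped
        ip, name, status = match.groups()
        if status.lower() == "up":
            live[ip] = name
    return live


def diff_scans(baseline_text, later_text):
    """Return (appeared, disappeared) IP lists, sorted numerically."""
    before = parse_live_hosts(baseline_text)
    after = parse_live_hosts(later_text)
    appeared = sorted(set(after) - set(before), key=ipaddress.ip_address)
    disappeared = sorted(set(before) - set(after), key=ipaddress.ip_address)
    return appeared, disappeared


if __name__ == "__main__":
    new_hosts, gone_hosts = diff_scans(SCAN_BUSINESS_HOURS, SCAN_AFTER_HOURS)
    print("appeared since baseline:", new_hosts)
    print("no longer responding:  ", gone_hosts)
```

Run on a schedule against an approved asset inventory, the same comparison lets defenders spot unapproved systems such as the after-hours game server before a tester or attacker does.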