Identification and enumeration of internal network hosts

If the attacker's system is already configured to use DHCP, the DHCP server will provide a few pieces of information that are very useful for mapping the internal network. The DHCP information can be obtained by typing ifconfig in the Kali Terminal, as shown in the following screenshot. You should be able to see the following information:

  • inet: The IP information obtained from the DHCP server should provide us with at least one active subnet, which can be utilized to identify the list of live systems and services through different scanning techniques.
  • netmask: This information can be utilized to calculate the subnet ranges. From the screenshot, we have 255.255.240.0, which means the CIDR prefix is /20 and we can potentially expect 4094 hosts on the same subnet.
  • Default gateway: The IP information of the gateway provides the opportunity to ping other similar gateway IPs. For example, if your default gateway IP is 192.168.1.1, by using ping scans attackers may be able to enumerate other similar IPs such as 192.168.2.1, 192.168.3.1, and so on.
  • Other IP address: DNS information can be obtained by accessing the /etc/resolv.conf file. The IP addresses in this file are commonly addressable from all of the subnets, and domain information is also automatically available in the same file.
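
The subnet arithmetic and resolv.conf reading from the list above, as an added Python example (not from the original book), showing how much network layout a single DHCP lease discloses to any connected host. The netmask is the one quoted above; the sample address, resolver IPs, domain names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions); only the netmask comes from the text.
SAMPLE_INET = "10.10.16.25"
SAMPLE_NETMASK = "255.255.240.0"
SAMPLE_RESOLV_CONF = """\
# constructed example of /etc/resolv.conf
domain corp.example
search corp.example lab.example
nameserver 10.10.0.53
nameserver 10.10.0.54
"""

def describe_subnet(inet, netmask):
    """Derive the CIDR block, broadcast address and usable host count."""
    net = ipaddress.IPv4Interface(f"{inet}/{netmask}").network
    # Network and broadcast addresses are not assignable (except on /31 and /32).
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {"cidr": str(net), "prefixlen": net.prefixlen,
            "broadcast": str(net.broadcast_address), "usable_hosts": usable}

def parse_resolv_conf(text):
    """Extract nameserver, search and domain entries, skipping comments."""
    result = {"nameservers": [], "search": [], "domain": None}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2:
            continue
        key, values = fields[0], fields[1:]
        if key == "nameserver":
            try:
                result["nameservers"].append(str(ipaddress.ip_address(values[0])))
            except ValueError:
                continue  # ignore malformed resolver entries
        elif key == "search":
            result["search"] = values
        elif key == "domain":
            result["domain"] = values[0]
    return result

def off_subnet_resolvers(cidr, nameservers):
    """Resolvers outside the local block reveal that other subnets exist."""
    net = ipaddress.ip_network(cidr)
    return [ns for ns in nameservers if ipaddress.ip_address(ns) not in net]

if __name__ == "__main__":
    subnet = describe_subnet(SAMPLE_INET, SAMPLE_NETMASK)
    dns = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print(subnet, dns, off_subnet_resolvers(subnet["cidr"], dns["nameservers"]))
```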