Attacks can come through the network or an infected program. By performing reconnaissance, you can identify where an attack might come from. This can be used by a hacker or a member of a security team.
Topology Discovery (Footprinting)
This involves scanning the network and hosts to identify the IP range in use. For example, you might scan and find ten devices, some of which are Windows and some of which are Macs. This will give you an idea of the network layout.
There are a number of commands available in Windows and Linux that can help you perform topology discovery:
ipconfig on Windows
ifconfig on Linux
These commands display the configuration of your network adapter (i.e. the network interface configuration).
ping followed by an IP address or hostname
This is used to verify the connection between you and another device. It's like calling out to a friend to see if they can hear you. This command uses the ICMP protocol.
The IP address does not need to be on the same network as you. You can use it to verify that you can reach a device anywhere.
arp -a
This displays the IP and MAC addresses of the devices you have communicated with. This displays the ARP cache.
There are also a number of other commands that are specific to routing, such as:
(route) and (tracert) on Windows
(traceroute) and (pathping) on Linux
--------------------------------------------------
Wait for the next post ๐
#network #security #reconnaissance