<aside> ⚙ A basic guide on how to scan a network during a pentest. This guide can be used as a starting point for each pentest you do.
</aside>
<aside> ⚙ Scan for live systems using ICMP packets
</aside>
Note that ICMP can be blocked by a firewall, so a host that does not answer may still be online.
— Ping sweep (easiest method, can be automated with scripting, nmap, etc.)
— ICMP Echo scanning (sending an ICMP Echo request to a network IP address)
nmap -sn <network>
-sn
Host discovery only (no port scan); this performs a ping sweep of the hosts in the range
hping -1 <network> --rand-dest -I <interface>
-1
ICMP mode
--rand-dest
random destination mode
-I
network interface name
<aside> ⚙ Scan for open ports on live hosts
</aside>
For example, send a SYN packet to port 80 on a server. If the server replies with a SYN-ACK packet, the port is open; a RST reply means the port is closed, and no reply at all usually means a firewall is filtering it.
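To see what the ICMP sweep and the SYN probing described above look like from the defender's side, here is an added example (not part of the original notes) that runs over constructed firewall-style log lines and flags one source pinging many hosts, or sending SYNs to many ports without ever completing a handshake. The log format, thresholds and addresses are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log (not real traffic), one packet per line, client side only:
# "<src> <dst> icmp <type>" or "<src> <dst> tcp <dport> <flags>"
SAMPLE_LOG = """\
10.0.0.5 10.0.0.1 icmp echo-request
10.0.0.5 10.0.0.2 icmp echo-request
10.0.0.5 10.0.0.3 icmp echo-request
10.0.0.9 10.0.0.20 tcp 22 S
10.0.0.9 10.0.0.20 tcp 80 S
10.0.0.9 10.0.0.20 tcp 443 S
10.0.0.9 10.0.0.20 tcp 3389 S
10.0.0.7 10.0.0.20 tcp 443 S
10.0.0.7 10.0.0.20 tcp 443 A
"""

SWEEP_HOSTS = 3  # assumed threshold: distinct hosts echo-requested by one source
SCAN_PORTS = 4   # assumed threshold: distinct (host, port) SYN'd with no follow-up ACK

def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    p = line.split()
    if len(p) == 4 and p[2] == "icmp":
        return {"src": p[0], "dst": p[1], "proto": "icmp", "type": p[3]}
    if len(p) == 5 and p[2] == "tcp" and p[3].isdigit():
        return {"src": p[0], "dst": p[1], "proto": "tcp", "dport": int(p[3]), "flags": p[4]}
    return None

def detect_scans(log_text, sweep_hosts=SWEEP_HOSTS, scan_ports=SCAN_PORTS):
    """Return (kind, src, count) alerts for ping sweeps and half-open SYN scans."""
    pinged = defaultdict(set)   # src -> hosts that received an echo-request
    synned = defaultdict(set)   # src -> (dst, dport) pairs that received a bare SYN
    acked = set()               # (src, dst, dport) where the client later sent an ACK
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["proto"] == "icmp" and rec["type"] == "echo-request":
            pinged[rec["src"]].add(rec["dst"])
        elif rec.get("flags") == "S":
            synned[rec["src"]].add((rec["dst"], rec["dport"]))
        elif "A" in rec.get("flags", ""):
            acked.add((rec["src"], rec["dst"], rec["dport"]))
    alerts = []
    for src, hosts in pinged.items():
        if len(hosts) >= sweep_hosts:
            alerts.append(("ping_sweep", src, len(hosts)))
    for src, pairs in synned.items():
        # a SYN never followed by an ACK from the same client is a half-open probe
        half_open = [pair for pair in pairs if (src, *pair) not in acked]
        if len(half_open) >= scan_ports:
            alerts.append(("syn_scan", src, len(half_open)))
    return alerts
```

The normal client 10.0.0.7 sends a SYN and then an ACK, so it is not reported; only the sweeping and half-open sources are.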