B4 - Network Mapping & Target Identification
Analysis of output from tools used to map the route between the engagement point and a number of targets. Network sweeping techniques to prioritise a target list and the potential for false negatives.
Essentially, this is nmap host discovery and ping sweeping (with traceroute, or nmap --traceroute, for the route-mapping part) plus some false negative checking.
Basic NMAP commands
Host identification techniques
Ping sweep
There are other tools available to perform ping sweeps. Some of these are below:
False Negative
It is important to note that a ping sweep with nmap -sn does not rely on ICMP alone: run as root, nmap's default host discovery sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; run unprivileged it can only attempt TCP connects to ports 80 and 443. If a machine (or a firewall in front of it) drops all of these probes, nmap reports the machine as down even though it is live. A live host reported as down is a FALSE NEGATIVE, and it means the target list built from the sweep is incomplete.
In order to prove a false negative you send further probes to the host over other protocols and ports (TCP SYN or ACK to ports the firewall is likely to allow, UDP to 53 or 161, other ICMP types) and see whether anything comes back. In nmap this means either changing the discovery probes (-PS, -PA and -PU with your own port lists, -PE/-PP/-PM for the ICMP echo, timestamp and netmask types) or skipping discovery altogether: -Pn (the older spelling -PN still works) tells nmap NOT to ping the host first and to treat every target as online, so the port scan runs even when every discovery probe was dropped. Two caveats. Under -Pn nmap reports every target as up, so the proof of life is a port that comes back open or closed (a closed port still means the host answered with a RST), not the "Status: Up" line. And -Pn against a large range scans every address, so on a big network it is far slower than a sweep; use it on the hosts the sweep marked down, not on the whole range. A host that stays silent under -Pn as well is unknown, not proven down.
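The check described above, as an added example (not part of the original notes): a small POSIX shell script that takes the greppable (-oG) output of a discovery sweep and of a follow-up -Pn port scan of the hosts marked down, and lists the hosts the sweep got wrong. The file names, addresses and both scan outputs below are constructed for the example; the assumption that -v is needed for nmap to list down hosts in greppable output is mine, and real output separates fields with tabs where the sample uses spaces.

```shell
#!/bin/sh
# Added example: cross-check an nmap ping sweep against a -Pn port scan to find
# false negatives. All data below is constructed; nothing is read from the network.

# Constructed greppable output of the discovery sweep. The real thing would come from:
#   nmap -sn -v -oG sweep.gnmap 10.0.0.0/29
# (assumption: -v so that hosts reported down are listed at all)
SWEEP_GNMAP='# Nmap 7.94 scan initiated as: nmap -sn -v -oG sweep.gnmap 10.0.0.0/29
Host: 10.0.0.1 ()  Status: Up
Host: 10.0.0.2 ()  Status: Down
Host: 10.0.0.3 ()  Status: Down
Host: 10.0.0.4 ()  Status: Up
Host: 10.0.0.5 ()  Status: Down
# Nmap done -- 5 IP addresses (2 hosts up)'

# Constructed greppable output of the follow-up scan of the "down" hosts with
# host discovery switched off:
#   nmap -Pn -p 22,80,443 -oG pn.gnmap 10.0.0.2 10.0.0.3 10.0.0.5
PN_GNMAP='# Nmap 7.94 scan initiated as: nmap -Pn -p 22,80,443 -oG pn.gnmap 10.0.0.2 10.0.0.3 10.0.0.5
Host: 10.0.0.2 ()  Status: Up
Host: 10.0.0.2 ()  Ports: 22/open/tcp//ssh///, 80/filtered/tcp//http///, 443/filtered/tcp//https///
Host: 10.0.0.3 ()  Status: Up
Host: 10.0.0.3 ()  Ports: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///, 443/filtered/tcp//https///
Host: 10.0.0.5 ()  Status: Up
Host: 10.0.0.5 ()  Ports: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///, 443/closed/tcp//https///
# Nmap done -- 3 IP addresses (3 hosts up)'

# Hosts the sweep reported as down. Fields are split on whitespace, so the
# parser works on tab-separated real output as well as on the spaced sample.
hosts_down() {
    printf '%s\n' "$1" | awk '$1 == "Host:" && /Status: Down/ { print $2 }'
}

# Hosts that answered at least one port probe. An open port proves the host is
# live; so does a closed port, because the RST came back from the host. A
# filtered port is silence and proves nothing. "Status: Up" is ignored on
# purpose: under -Pn nmap prints it for every target. The "Ignored State"
# summary nmap emits when it collapses many ports into one state is honoured too.
confirmed_live() {
    printf '%s\n' "$1" | awk '
        $1 == "Host:" && /Ports:/ &&
        (/\/open\// || /\/closed\// || /Ignored State: (open|closed)/) {
            if (!seen[$2]++) print $2
        }'
}

# False negatives: down in the sweep, alive under -Pn. Hosts that are down in
# the sweep and silent under -Pn are deliberately not listed; they are unknown.
false_negatives() {
    down=$(hosts_down "$1")
    live=$(confirmed_live "$2")
    for h in $down; do
        for l in $live; do
            [ "$h" = "$l" ] && echo "$h"
        done
    done
}

# Usage: prints 10.0.0.2 and 10.0.0.5. 10.0.0.3 stays unresolved because every
# probe was filtered; treat it as unknown, not as down.
false_negatives "$SWEEP_GNMAP" "$PN_GNMAP"
```

The script reads the -oG files as strings so it runs offline; on an engagement, replace the two variables with `$(cat sweep.gnmap)` and `$(cat pn.gnmap)`, or feed the -Pn scan only the addresses hosts_down prints, which is what keeps the -Pn step cheap.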