Network Reconnaissance
Before securing a network, you must understand it. Network reconnaissance is the process of mapping out the landscape—identifying active hosts, routers, and DNS servers.
1. Discovering Hosts (Ping Sweep)
The simplest way to find active devices is to ping them.
Command Prompt
C:\Users\User>ping 192.168.1.1
(Note: Advanced users use loops to ping entire subnets)
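When a loop pings a whole subnet, the output has to be read carefully: Windows ping counts a "Destination host unreachable" message as a received packet (0% loss), so only a reply that comes from the target itself and carries a TTL means the host is up. The following is an added example, not part of the original page, that parses sweep output and lists live hosts missing from an inventory; the sample output, the KNOWN_ASSETS set and the function names are constructed for illustration.

```python
import re

# Constructed sample of sweep output (blank lines trimmed), e.g. from the cmd loop
#   for /L %i in (1,1,254) do @ping -n 1 -w 200 192.168.1.%i
SAMPLE_SWEEP = """\
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Ping statistics for 192.168.1.1:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Pinging 192.168.1.7 with 32 bytes of data:
Reply from 192.168.1.20: Destination host unreachable.
Ping statistics for 192.168.1.7:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Pinging 192.168.1.9 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.1.9:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Pinging 192.168.1.50 with 32 bytes of data:
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.50:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
"""

KNOWN_ASSETS = {"192.168.1.1"}  # hypothetical inventory of expected hosts

TARGET = re.compile(r"^Pinging (\S+) ")
# A genuine echo reply carries bytes=, time= (or time<) and TTL=.
ECHO = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<]\d+ms TTL=(\d+)")


def live_hosts(text):
    """Return {ip: ttl} for targets that answered the echo request themselves."""
    live, target = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := TARGET.match(line):
            target = m.group(1)
        elif (m := ECHO.match(line)) and m.group(1) == target:
            # "Destination host unreachable" never matches ECHO, and a reply
            # from a different address than the target is ignored.
            live[target] = int(m.group(2))
    return live


def unknown_hosts(text, inventory):
    """Live hosts that are not in the asset inventory."""
    return sorted(set(live_hosts(text)) - set(inventory))


if __name__ == "__main__":
    print("live:", live_hosts(SAMPLE_SWEEP))
    print("not in inventory:", unknown_hosts(SAMPLE_SWEEP, KNOWN_ASSETS))
```

Relying on the "Received = 1" statistics line would wrongly mark 192.168.1.7 as alive in this sample.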
2. Mapping the Path (Trace Route)
See how packets travel to a target. This identifies routers and firewalls.
Command Prompt
C:\Users\User>tracert 8.8.8.8
3. Investigating DNS (Nslookup)
Find the IP address behind a domain name (or vice versa).
Usage: nslookup [domain] [server]
type=mx: Search for Mail Servers (MX records).
type=txt: Search for Text records (SPF/DKIM).
Knowledge Check
Which command resolves a domain name to an IP address?