20.2. Network Mapping

The first piece of information anyone needs to know in order to mount a successful attack on a computer is where to find it on the network. In other words, the attacker needs to discover a computer's IP address. On most networks, only a subset of the possible IP addresses are in use, so the trick is to narrow down all the possible addresses (which may be a handful or many thousands) to just those that are active. The process of examining a network (either the local network to which a computer is directly connected or a remote network) to find all the IP addresses in use is called network mapping. You may also hear this called by any number of other names, including host discovery, host scanning, and network device location scanning — or by terms referring to a particular type of scanning, such as ICMP probing or ping sweeps.

If a program did nothing other than produce a list of valid IP addresses on a network, that would count as network mapping and could, in and of itself, be useful. However, because an attacker ultimately needs considerably more to go on than an IP address, network mapping usually entails other tasks too, including at least basic sorts of fingerprinting (mentioned earlier) and port scanning (discussed later in this chapter). Most of the software you can use for network mapping optionally does these other tasks too.
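From the defender's side, the ping sweep described above has a recognisable shape in logs: one source sending ICMP echo requests to many distinct hosts in a short time. The following is an added example, not code from the book, that flags such sources in a constructed ICMP log (the log format, the thresholds and the addresses are all assumptions for the example) using a sliding time window, and skips malformed lines rather than failing on them.

```python
# Added example (not from the book): flag ping sweeps in constructed ICMP log
# lines by counting distinct destinations per source in a sliding time window.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not any vendor's format):
# "<ISO timestamp> ICMP echo-request src=<ip> dst=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) ICMP echo-request src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$")

SAMPLE_LOG = """\
2024-01-01T10:00:00 ICMP echo-request src=192.0.2.10 dst=198.51.100.1
2024-01-01T10:00:01 ICMP echo-request src=192.0.2.10 dst=198.51.100.2
2024-01-01T10:00:02 ICMP echo-request src=192.0.2.10 dst=198.51.100.3
2024-01-01T10:00:03 ICMP echo-request src=192.0.2.10 dst=198.51.100.4
2024-01-01T10:00:04 ICMP echo-request src=192.0.2.10 dst=198.51.100.5
2024-01-01T10:00:05 ICMP echo-request src=192.0.2.10 dst=198.51.100.6
2024-01-01T10:00:00 ICMP echo-request src=192.0.2.20 dst=198.51.100.1
2024-01-01T10:01:00 ICMP echo-request src=192.0.2.20 dst=198.51.100.1
2024-01-01T10:00:00 ICMP echo-request src=192.0.2.30 dst=198.51.100.11
2024-01-01T10:00:20 ICMP echo-request src=192.0.2.30 dst=198.51.100.12
2024-01-01T10:00:40 ICMP echo-request src=192.0.2.30 dst=198.51.100.13
2024-01-01T10:01:00 ICMP echo-request src=192.0.2.30 dst=198.51.100.14
this line is malformed and must be skipped
"""

def parse_events(lines):
    """Yield (timestamp, src, dst); malformed lines are skipped, not fatal."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"]

def find_sweeps(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source that reached >= threshold distinct hosts within any
    window-long span to the largest distinct-host count seen for it."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_events(lines):
        by_src[src].append((ts, dst))
    flagged = {}
    for src, probes in by_src.items():
        probes.sort()  # events need not arrive in time order
        lo = 0
        for hi in range(len(probes)):
            while probes[hi][0] - probes[lo][0] > window:
                lo += 1  # slide the window start forward
            distinct = len({dst for _, dst in probes[lo:hi + 1]})
            if distinct >= threshold:
                flagged[src] = max(distinct, flagged.get(src, 0))
    return flagged
```

With the default 60-second window and threshold of 5, only 192.0.2.10 is flagged; the host that repeatedly pings one gateway and the slower probe of four hosts are not, which shows why window and threshold need tuning to the network's normal traffic.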

Examining the network to which one is currently connected is fast and convenient, and assuming the computer doing the scanning ...
