The next step, intelligence gathering, is one of the most important phases in the process, because if you miss something here you might miss an entire avenue of attack. Our goal at this point is to understand what we are going to attack and determine how we might gain access to the system.

We begin with a basic nmap scan (as shown next) against our Windows XP virtual machine, and we find that port 80 is open. We use nmap’s stealth TCP scan, which is typically effective in detecting ports without triggering defenses. Most IPSs can detect port scans, but because port scans are so common, they are generally considered regular noise and are ignored as long as they’re not very aggressive.

root@bt:/# nmap -sT -P0 172.16.32.131