
Network Enumeration

Reconnaissance cheatsheet — Network enumeration and scanning techniques.

Overview

Network enumeration is the process of discovering live hosts, open ports, running services, and operating systems on a target network. It is normally the first active phase of a penetration test (after passive reconnaissance), and everything that follows, from vulnerability analysis to exploitation and lateral movement, is scoped by what it finds.

Effective network enumeration combines several scan types (host discovery, TCP and UDP port scans, service/version and OS fingerprinting) and adjusts timing and packet shaping so that probes survive firewall filtering and stay below Intrusion Detection System (IDS) thresholds, while still gathering as much information about the target infrastructure as possible.


Key Commands & Payloads

The following commands are commonly used during network enumeration. Note that SYN (-sS), UDP (-sU), OS detection (-O), fragmentation (-f/--mtu) and masscan all need raw sockets, i.e. root or CAP_NET_RAW; without it nmap silently falls back to a TCP connect scan.

# Host discovery only, no port scan (as root: ICMP echo, TCP SYN/443, TCP ACK/80, ICMP timestamp)
nmap -sn 192.168.1.0/24
# SYN scan of the default top 1000 TCP ports with service/version detection, aggressive timing
nmap -sS -sV -T4 192.168.1.0/24
# All 65535 TCP ports with version detection and the default NSE script set
nmap -p- -sV -sC <target>
# Top 100 UDP ports (UDP scanning is slow; expect many open|filtered results)
nmap -sU --top-ports 100 <target>
# OS fingerprinting (most reliable when at least one open and one closed TCP port are found)
nmap -O <target>
# Default NSE scripts only (same as --script=default)
nmap -sC <target>
# NSE "vuln" category: noisy and can disturb fragile services, use only within scope
nmap --script vuln <target>
# Evasion: 8-byte IP fragments (-f) or a custom fragment size (--mtu, multiple of 8), with slow "polite" timing; use one or the other
nmap -sS -f -T2 <target>
nmap -sS --mtu 24 -T2 <target>
# Masscan: fast sweep of every TCP port; tune --rate to the link, then confirm hits with nmap -sV
masscan -p1-65535 --rate=10000 192.168.1.0/24
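
Scan output is only useful once it is turned into an inventory, and the natural format to consume is nmap's XML (`-oX scan.xml`). The script below is an added example, not part of this cheatsheet: it parses nmap XML into hosts with their open ports and detected products, skips hosts that are down and ports that are closed or filtered, and maps each open service to the follow-up command from the tool list on this page. The embedded `SAMPLE_NMAP_XML` is constructed to mirror nmap's XML layout and is not real scan output; the `FOLLOW_UP` table is this example's own mapping, not something nmap provides.

```python
"""Turn nmap XML output (nmap ... -oX scan.xml) into a host/service inventory
and map each open service to the next enumeration step from this cheatsheet.
Added example: SAMPLE_NMAP_XML is constructed to mirror nmap's XML layout,
not real scan output."""
import sys
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -sU -oX - 192.168.1.0/24" version="7.94">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<hostnames><hostname name="fileserver.lan" type="PTR"/></hostnames>
<ports><extraports state="filtered" count="997"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1" conf="10"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
<service name="microsoft-ds" product="Samba smbd" version="4.x" conf="10"/></port>
<port protocol="tcp" portid="3389"><state state="closed" reason="reset"/>
<service name="ms-wbt-server" conf="3"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.168.1.11" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.1.20" addrtype="ipv4"/>
<hostnames/>
<ports>
<port protocol="udp" portid="161"><state state="open" reason="udp-response"/>
<service name="snmp" product="net-snmp" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0" conf="10"/></port>
</ports></host>
<runstats><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""

# nmap service name -> follow-up command from the tool list (this example's own table)
FOLLOW_UP = {
    "ssh": "nc -v {addr} 22",
    "http": "nc -v {addr} 80",
    "microsoft-ds": "smbclient -L //{addr} -N; enum4linux {addr}",
    "netbios-ssn": "enum4linux {addr}",
    "snmp": "snmpwalk -c public -v1 {addr}",
    "domain": "dig any @{addr} <domain>",
    "ldap": "ldapsearch -x -H ldap://{addr} -b 'dc=domain,dc=com'",
    "nfs": "showmount -e {addr}",
}


def parse_nmap_xml(xml_text):
    """Return [{addr, hostname, open_ports: [{proto, port, service, product}]}]
    for every host that is up; closed/filtered ports and down hosts are dropped."""
    inventory = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        hn = host.find("hostnames/hostname")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            product = ""
            if svc is not None:   # product/version are only present after -sV
                product = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            open_ports.append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": svc.get("name", "") if svc is not None else "",
                "product": product,
            })
        open_ports.sort(key=lambda p: (p["proto"], p["port"]))
        inventory.append({"addr": addr,
                          "hostname": hn.get("name") if hn is not None else "",
                          "open_ports": open_ports})
    return inventory


def suggest_follow_ups(inventory):
    """One follow-up command per open service we know how to enumerate further."""
    return [FOLLOW_UP[p["service"]].format(addr=h["addr"])
            for h in inventory for p in h["open_ports"] if p["service"] in FOLLOW_UP]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NMAP_XML
    inv = parse_nmap_xml(text)
    for h in inv:
        print(f"{h['addr']} ({h['hostname'] or 'no PTR'})")
        for p in h["open_ports"]:
            print(f"  {p['port']}/{p['proto']:<4} {p['service']:<14} {p['product']}")
    print("Next steps:")
    for cmd in suggest_follow_ups(inv):
        print("  " + cmd)
```

Run it as `python3 inventory.py scan.xml` against a real `-oX` file; with no argument it uses the constructed sample. Filtering on `state="open"` matters for UDP results, where nmap reports most ports as `open|filtered` rather than `open`, so those need a targeted follow-up rather than being counted as exposed.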

Tools & Techniques

Recommended tools for Network Enumeration:

  • Nmap: host discovery, port scanning, service/version and OS detection, NSE scripts
  • Masscan: high-speed asynchronous port scanning over large ranges (needs root); confirm its hits with nmap, since it can miss or mis-report ports at high rates
  • Netcat: nc -zv <target> <port-range> for a quick TCP connect scan; nc -v <target> <port> (then wait, or send a request line) to grab the service banner
  • SMB: smbclient -L //<target> -N (null-session share listing), enum4linux <target> (users, groups, shares, password policy)
  • SNMP: snmpwalk -c public -v1 <target> (also try -v2c and other common community strings)
  • DNS: dig any @<dns-server> <domain> (many servers now answer ANY minimally, so query specific record types as well), dnsrecon -d <domain> (record enumeration and zone-transfer checks)
  • LDAP: ldapsearch -x -H ldap://<target> -b 'dc=domain,dc=com' (anonymous simple bind; -h <target> is the older, deprecated form)
  • NFS: showmount -e <target> (lists exports and which clients may mount them)
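
The netcat entries above are a manual connect scan and a manual banner grab. The following is an added example, not part of this cheatsheet, that does both in Python so they can be scripted over many hosts: a TCP connect scan that distinguishes RST (closed) from silence (filtered), a banner grab that reads whatever the server says first, and a small classifier for banners from protocols that speak first (SSH, SMTP/FTP, POP3, IMAP). To run offline it starts a throwaway listener in-process on 127.0.0.1 that replies with a constructed OpenSSH-style banner; that listener, `run_demo`, and the banner text are this example's own, not any real service.

```python
"""TCP connect scan and banner grab, i.e. what `nc -zv` and `nc -v` do by hand,
written so it can be pointed at any host:port. Added example, not part of the
cheatsheet: to run offline it scans a throwaway listener started in-process on
127.0.0.1 that replies with a constructed OpenSSH-style banner."""
import socket
import threading


def start_fake_service(banner, host="127.0.0.1"):
    """Listen on an ephemeral port and greet every client with `banner`.
    Stand-in for a real service; returns (port, listening socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener closed by the caller
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def connect_scan(host, ports, timeout=1.0):
    """Full TCP connect() per port (no raw sockets, so no root needed).
    Returns {port: "open" | "closed" | "filtered"}: RST -> closed,
    no answer within `timeout` -> filtered (probably dropped by a firewall)."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except (socket.timeout, OSError):
            results[port] = "filtered"
    return results


def grab_banner(host, port, timeout=2.0, nbytes=256):
    """Connect and read whatever the server sends first (SSH, SMTP, FTP, POP3
    and IMAP speak first; HTTP does not). Returns b"" on silence or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(nbytes)
    except (socket.timeout, OSError):
        return b""


def identify_service(banner):
    """Cheap banner heuristics: (protocol, software) from the first line."""
    line = banner.decode("ascii", "replace").splitlines()[0] if banner else ""
    if line.startswith("SSH-"):
        # "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3": the RFC 4253 softwareversion field
        return "ssh", line.split("-", 2)[2].split()[0]
    if line.startswith("220 "):
        return "smtp/ftp", line[4:]
    if line.startswith("+OK"):
        return "pop3", line[3:].strip()
    if line.startswith("* OK"):
        return "imap", line[4:].strip()
    return "unknown", line


def run_demo():
    """Scan one open and one closed local port and grab the open port's banner."""
    open_port, srv = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                      # nothing listens on closed_port now
    try:
        scan = connect_scan("127.0.0.1", [open_port, closed_port])
        banner = grab_banner("127.0.0.1", open_port)
        return {"open": open_port, "closed": closed_port, "scan": scan,
                "banner": banner, "service": identify_service(banner)}
    finally:
        srv.close()


if __name__ == "__main__":
    r = run_demo()
    for port, state in r["scan"].items():
        print(f"{port}/tcp {state}")
    print("banner:", r["banner"].strip().decode(), "->", r["service"])
```

Against a real target, replace `run_demo` with calls to `connect_scan` and `grab_banner` on the host and port list you care about. Note that a connect scan completes the handshake and therefore shows up in the service's own logs, unlike nmap's half-open SYN scan.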

Prevention & Mitigation

Security recommendations to prevent Network Enumeration:

  • Filter inbound ICMP and unsolicited traffic at the perimeter firewall, and log or rate-limit drops so that scans are visible rather than silently absorbed
  • Segment the network and place internet-facing services in a DMZ, so an external scan cannot map internal hosts and a compromised DMZ host cannot enumerate the LAN
  • Disable unnecessary services and protocols, in particular the ones enumerated above: SMB null sessions, SNMP v1/v2c with default community strings, world-readable NFS exports, anonymous LDAP binds, and unrestricted DNS zone transfers
  • Deploy network IDS (Snort, Suricata) with scan-detection rules or preprocessors enabled, and alert when one source touches many distinct ports or hosts in a short window
  • Regularly audit exposed ports and services with the same tools an attacker would use, and compare the results against an approved inventory
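
The detection side of the last three points can be checked without an IDS: a port sweep shows up in firewall drop logs as one source hitting many distinct destination ports within seconds, while a client retrying one blocked port does not. The script below is an added example, not part of this cheatsheet or of any IDS product: it parses iptables/UFW-style kernel log lines and flags sources that hit at least `min_ports` distinct (dst, proto, port) targets within a sliding `window_s`. The sample log is constructed (one sweep, one retrying client, one slow three-port probe) and is not real traffic; the year is assumed because syslog timestamps carry none.

```python
"""Detect port sweeps in firewall drop logs: one source hitting many distinct
destination ports in a short window. Added example; SAMPLE_LOG is constructed
in the UFW/iptables LOG format and is not real traffic."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = "\n".join(
    # 203.0.113.5 probes ports 20..39 on one host within 20 seconds: a sweep
    [f"Mar 14 10:00:{i:02d} gw kernel: [UFW BLOCK] IN=eth0 OUT= "
     f"SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TTL=51 DF PROTO=TCP "
     f"SPT={40000 + i} DPT={20 + i} WINDOW=1024 SYN" for i in range(20)]
    # 198.51.100.7 retries the same blocked port six times: noisy, not a scan
    + [f"Mar 14 10:01:{i:02d} gw kernel: [UFW BLOCK] IN=eth0 OUT= "
       f"SRC=198.51.100.7 DST=192.168.1.10 LEN=60 TTL=60 DF PROTO=TCP "
       f"SPT=51000 DPT=22 WINDOW=65535 SYN" for i in range(6)]
    # 192.0.2.9 touches three ports over three minutes: below the threshold
    + ["Mar 14 10:05:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=192.168.1.10 "
       "LEN=60 TTL=57 DF PROTO=TCP SPT=33001 DPT=80 WINDOW=1024 SYN",
       "Mar 14 10:06:10 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=192.168.1.10 "
       "LEN=60 TTL=57 DF PROTO=TCP SPT=33002 DPT=443 WINDOW=1024 SYN",
       "Mar 14 10:07:20 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=192.168.1.10 "
       "LEN=60 TTL=57 DF PROTO=TCP SPT=33003 DPT=8080 WINDOW=1024 SYN"]
)

# syslog timestamp, then the SRC/DST/PROTO/DPT fields the kernel LOG target emits
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_drops(log_text, year=2024):
    """Return [(ts, src, dst, proto, dport)] for every parsable drop line.
    `year` is assumed: syslog timestamps carry no year."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["dst"], m["proto"], int(m["dpt"])))
    return events


def detect_port_sweeps(events, window_s=60, min_ports=15):
    """Per source, slide a window of `window_s` seconds over its drops and
    alert if any window contains >= `min_ports` distinct (dst, proto, port)
    targets. One alert per source, reporting its busiest window."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dpt in events:
        by_src[src].append((ts, dst, proto, dpt))
    alerts = []
    for src, evs in by_src.items():
        evs.sort()
        best, lo = None, 0
        for hi in range(len(evs)):
            while (evs[hi][0] - evs[lo][0]).total_seconds() > window_s:
                lo += 1                      # drop events that fell out of the window
            distinct = {(e[1], e[2], e[3]) for e in evs[lo:hi + 1]}
            if len(distinct) >= min_ports and (best is None or len(distinct) > best["ports"]):
                best = {"src": src, "ports": len(distinct),
                        "first": evs[lo][0], "last": evs[hi][0]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_port_sweeps(parse_drops(SAMPLE_LOG)):
        print(f"ALERT port sweep from {a['src']}: {a['ports']} distinct targets "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Feed it real data with `parse_drops(open("/var/log/ufw.log").read())` (or `journalctl -k` output piped to a file). The thresholds are deliberately conservative; a slow scan such as the `-T2` commands earlier on this page spreads probes over minutes and needs a longer `window_s` to catch, which is exactly why those timing options exist.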
