The phase after reconnaissance is scanning. In this phase an attacker tries to gather information such as IP addresses, operating system, open ports and running services. The attacker then uses this information to decide which kind of attack to perform. Scanning can be classified into three major types:
During port scanning an attacker tries to find out the number of ports open on the target system and the services running on them. The next stage is to find out the number of active machines the target has, and lastly comes vulnerability scanning, in which the attacker tries to get details about weaknesses present in the target system.
Several tools can be used to perform port scanning, among which Nmap is considered the best; I have already discussed it on this blog long before. To read about it, have a look at Network Scanner Nmap.
In this section we will see how to determine which systems are active. For our practical we will use Angry IP Scanner, a tool that pings several hosts in a row to find out which of them are currently alive. Download Angry IP Scanner from http://www.angryip.org/w/Download. Run it and specify the number of IP addresses you want to scan.
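Because such a tool pings several hosts in a row, the sweep is visible on the network as one source sending ICMP echo requests to many different addresses within a short time. The following is an added example, not part of the original post or of Angry IP Scanner, showing how a defender could flag that pattern; the log format (`timestamp source destination icmp_type`), the addresses and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical format: "timestamp src dst icmp_type"
# (ICMP type 8 = echo request, type 0 = echo reply). Addresses are documentation ranges.
SAMPLE_LOG = (
    # one source pinging 6 different hosts in 6 seconds: a sweep
    [f"2024-01-01T10:00:0{i} 192.0.2.10 198.51.100.{i + 1} 8" for i in range(6)]
    # a monitoring host pinging the same address repeatedly: not a sweep
    + [f"2024-01-01T10:00:0{i} 192.0.2.20 198.51.100.1 8" for i in range(6)]
    # 6 different hosts, but one per minute: outside the time window
    + [f"2024-01-01T10:0{i}:00 192.0.2.30 198.51.100.{i + 1} 8" for i in range(6)]
    # an echo reply and a malformed line, both ignored
    + ["2024-01-01T10:00:01 198.51.100.1 192.0.2.10 0", "garbage line"]
)

def parse(line):
    """Split one record into (timestamp, src, dst, icmp_type); raises ValueError if malformed."""
    ts, src, dst, icmp_type = line.split()
    return datetime.fromisoformat(ts), src, dst, int(icmp_type)

def detect_sweeps(lines, min_hosts=5, window=timedelta(seconds=10)):
    """Return {src: most distinct destinations pinged within any window} for
    sources that reached min_hosts. Records must be time-ordered per source."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        try:
            ts, src, dst, icmp_type = parse(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan of the log
        if icmp_type != 8:
            continue  # only echo requests indicate active probing
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_hosts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, count in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {count} hosts within 10 s")
```

Counting distinct destinations rather than total packets is what separates a sweep from ordinary monitoring traffic, which pings the same host over and over.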