Information gathering
The probability of success of any attack depends on the information gained through passive and active scanning of the network. Footprinting and reconnaissance are synonyms for information gathering.
The following diagram depicts the virtual/physical infrastructure we will be using for our analysis and for replicating the attacks:
The access point is located at 192.168.1.1 and allocates IP addresses to connected devices using DHCP; the attacking box (Kali) is configured with a manually assigned IP address, 192.168.1.106.
PING sweep
Let's begin with our first scenario, where an attacker performs a ping sweep over the subnet their machine belongs to (assumption: the attacker is an internal employee). Refer to the following screenshot, which displays the traffic captured while a bash script ran the ping sweep; the script pings each IP address in turn, from 192.168.1.100 to 192.168.1.110:
Ping sweep
Starting from packets 1-4, ARP requests...
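The capture described above has a recognisable shape: one source sends ARP who-has requests (and ICMP echo requests to whichever hosts answer) to a run of consecutive addresses in a fraction of a second. The following added example, which is not from the book, shows how a defender can flag that pattern in a packet summary. The packet tuples are constructed to mimic the lab capture (192.168.1.106 sweeping 192.168.1.100-110, plus some benign traffic from 192.168.1.104); the threshold and window values are assumptions chosen for illustration, not values taken from the text.

```python
"""Flag ping-sweep behaviour in a packet summary (added example, not the book's code).

The records below are constructed: they imitate what the text describes,
where a host pings its own subnet, so Wireshark first shows ARP who-has
requests for each target and then ICMP echo requests to the hosts that
replied. Real input could come from `tshark -T fields` with the same four
columns (time, protocol, source, destination).
"""
from collections import defaultdict
from ipaddress import ip_address

SWEEP_SRC = "192.168.1.106"  # the Kali box from the text

# Constructed packet summary: (time in seconds, protocol, src, dst).
SAMPLE = []
for i, last in enumerate(range(100, 111)):
    if last == 106:  # a host never ARPs for its own address
        continue
    SAMPLE.append((0.01 * i, "ARP", SWEEP_SRC, f"192.168.1.{last}"))
# Only the two hosts that answered ARP receive ICMP echo requests.
SAMPLE += [(0.20, "ICMP", SWEEP_SRC, "192.168.1.104"),
           (0.25, "ICMP", SWEEP_SRC, "192.168.1.108")]
# Benign background traffic: one host pinging the access point.
SAMPLE += [(0.30, "ARP", "192.168.1.104", "192.168.1.1"),
           (0.31, "ICMP", "192.168.1.104", "192.168.1.1"),
           (5.00, "ICMP", "192.168.1.104", "192.168.1.1")]

PROBE_PROTOS = {"ARP", "ICMP"}  # both protocols a local-subnet ping sweep produces


def find_sweeps(packets, threshold=5, window=2.0):
    """Return {src: sorted list of every host src probed} for each source that
    touched at least `threshold` distinct hosts within any `window` seconds.
    Thresholds are illustrative assumptions; tune them to the network."""
    by_src = defaultdict(list)
    for t, proto, src, dst in packets:
        if proto in PROBE_PROTOS:
            by_src[src].append((t, dst))

    alerts = {}
    for src, probes in by_src.items():
        probes.sort()
        lo = 0
        in_window = defaultdict(int)  # dst -> number of probes inside the window
        for t, dst in probes:
            in_window[dst] += 1
            # Slide the left edge forward until the window is `window` seconds wide.
            while t - probes[lo][0] > window:
                old = probes[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            if len(in_window) >= threshold:
                alerts[src] = sorted({d for _, d in probes}, key=ip_address)
                break
    return alerts


def describe_range(hosts):
    """Summarise probed hosts as an address range; a near-contiguous range with
    few gaps is the tell-tale shape of a scripted sweep."""
    addrs = sorted(ip_address(h) for h in hosts)
    span = int(addrs[-1]) - int(addrs[0]) + 1
    gaps = span - len(addrs)
    return f"{addrs[0]}-{addrs[-1]} ({len(addrs)} hosts, {gaps} gap(s))"


if __name__ == "__main__":
    for src, hosts in find_sweeps(SAMPLE).items():
        print(f"possible ping sweep from {src}: {describe_range(hosts)}")
```

The gap in the reported range is the sweeping host's own address, which it never ARPs for; a sweep of a sparsely populated subnet therefore shows up mainly as a burst of unanswered ARP who-has requests, which is why the detector counts ARP as well as ICMP.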