Identifying Hosts

We can use Wireshark and TCPDump to "put our ear to the wire" and see what hosts and types of network traffic we can capture.

If we are on a host without a GUI (which is typical), we can use tcpdump, net-creds, and NetMiner, etc., to perform the same functions.

We can also use tcpdump to save a capture to a .pcap file, transfer it to another host, and open it in Wireshark.

sudo -E wireshark
sudo tcpdump -i ens224

<aside> 💡

Depending on the host you are on, you may already have a network monitoring tool built-in, such as pktmon.exe, which was added to all editions of Windows 10.

</aside>

Responder is a tool built to listen, analyze, and poison LLMNR, NBT-NS, and MDNS requests and responses.

sudo responder -I ens224 -A

Fping

• fping pings multiple hosts at once, unlike standard ping.
• Uses round-robin querying for faster checks.
• Highly scriptable for automation.
• Good for quickly identifying active hosts on a network using ICMP.

fping -asgq 172.16.5.0/23

Nmap

sudo nmap -v -A -iL hosts.txt

5,130,225