Level 1 — Discovery & Reconnaissance
Techniques for discovering hosts and mapping networks in controlled environments.
Goal
Learn to discover hosts, map networks and identify services ethically and safely.
Concepts
- ARP and local discovery
- Port scanning and service identification
- Ethical scanning boundaries
Tools
- nmap (scanning and service detection)
- arp, ip neigh
- tcpdump, ngrep
Suggested labs
Discovery of subnet ranges, active OT-ICS hosts, TCP/UDP services, and intercepted Modbus/TCP communications.
Exploration of subnet masks, IP addressing, network segmentation, and routing behavior across multiple workstations.
Nmap scanning techniques in corporate subnets using ICMP, ARP, TCP and UDP analysis.
Exploration of fundamental network topologies through ARP analysis, ICMP testing and Layer 3 path mapping.
Practical exercises
- Run an nmap scan in a controlled network and interpret the results
- Identify vendor/OUI from MAC addresses
