Path
Discovery & Mapping
Plan, document, and execute safe network discovery. Learn the essentials of scope definition, rate-limited scanning, banner grabbing, and mapping hosts + services.
What you’ll cover
- How to define scope & secure written permissions
- Rate-limited scans: when less is more
- Safe banner grabbing & version detection
- Building network maps of hosts, subnets, gateways, and services
Safety first
Always work in explicitly approved environments. Never scan or map networks you don’t own or manage without written consent.
Tip: tie this path with Network & Wi-Fi to connect packet capture with topology mapping.
Hands-on Labs
Scope Builder Easy
Draft a sample permission doc, define IP ranges, and mark exclusions.
Ping & Rate Limits Medium
Simulate ICMP sweeps; practice throttling probes to avoid alarms.
Banner Grab Demo Medium
Use safe lab targets to collect HTTP/SSH banners and compare results.
Topology Map Hard
Assemble subnet → host → service relationships into a simple map.
Cheat-sheets
Scope & Permissions
- Written approvals are mandatory
- Define networks, ports, & exclusions
- Keep a change log
Rate-Limited Scans
- Throttle probes: 1-2 req/sec max in prod
- Randomize host order
- Favor passive discovery where possible
Banner Grabbing
- Safe tools: curl -I, nc (demo ports only)
- Compare service vs. OS banners
- Never exploit; just fingerprint
Mapping
- Draw subnet → host → service layers
- Use simple diagrams first
- Document with timestamps & notes