Ep 16. Identifying Live Hosts

Learning Network Penetration Testing with Kali Linux is a TV series that is geared towards helping viewers understand the complex world of network security. The show has been running for a while now, and in season 1, episode 16, they take on Identifying Live Hosts, a crucial aspect of penetration testing.

The episode kicks off with an introduction to the concept of live hosts. The host system can be a computer, mobile device, or any other device connected to a network and identified by a unique IP address. The hosts not only have the IP address, but they also contain information about the network that they are connected to, and this information is critical for understanding the vulnerabilities of the system.

The hosts can vary in form, for instance, the hosts can be open or closed, altering how attackers can precisely identify live hosts. The open hosts refer to systems that allow ICMP echo replies from the network, and they make for easier identification of the live hosts. On the other hand, closed hosts refer to systems that do not allow ICMP echo replies from the network, making it difficult to identify the live hosts.

The show then delves deeper into methods used for identifying live hosts. First, they explore the traditional method of using ping scans, which involves sending an ICMP echo request to the network. The systems that reply to the echo request are then identified as live hosts. The downside of using this method is that the machine might be configured to reject ICMP packets for security purposes.

To counter that, the show goes ahead to explain how using the ARP scanner, the Address Resolution Protocol can be used to identify hosted on local networks. Here, the Kali Linux ARP scanner sends an ARP request to the network, especially for Class C IPv4 addresses, and parses the responses it receives to identify active live hosts. The advantage of using the ARP scanner is that it is faster than the ping scan and can identify the live hosts even when the ICMP packets are blocked.

An important point they stress on is the significant role that administrators play in ensuring their network security stays intact by ensuring that the unused and compromised network ports are shut off. As invariably unused and open ports become gateways for attackers into the network.

Finally, the show touched briefly on the NMAP scanner, which is a more advanced tool in identifying live hosts. The NMAP scanner is a free and open-source utility that helps you explore network security, inventory network hosts, manage service upgrade schedules, and monitor host or service uptime.

In their quest to showcase the possibilities of the tool, they enlighten us a little on how the NMAP scanner works, which is by sending network packets to hosts and analyzing the responses. The tool works by identifying the open ports, which are then used to get the information about the host system.

In conclusion, season 1, episode 16 of Learning Network Penetration Testing with Kali Linux focuses on Identifying Live Hosts. The show successfully details the use of Ping Scans, ARP Scanners, and finally, the NMAP Scanner to identify live hosts. The episode implores network administrators to ensure that they keep their networks secure by shutting down all unused and compromised network ports.