Netdiscover

The document discusses discovering hosts on a home network in order to scan them for vulnerabilities. It describes using various tools like arp-scan and netdiscover to find the IP addresses of devices on the local network. Netdiscover is able to find 5 hosts on the network - a router, two laptops, and the author's physical machine. The next step mentioned is to scan each discovered machine for exploitable vulnerabilities.

Uploaded by

salva_chu

OK, so we know what scanning is.

We also created our virtual machine that is vulnerable and now we are ready to see what information we can get by scanning that machine.

But before we scan a single machine to discover open ports, we must first discover what machines we got on our network.

So the first part of scanning a network is to figure out how many hosts you have active and what their IP addresses are.

In this case, we are going to act as if we got a task to scan our home network and we want to discover vulnerable machines within our home network.

So let's start by seeing how many hosts we got active first.

There are many ways that we can go about doing this. I know that all the possible hosts for my network must be in the range from 192.168.1.1 to 192.168.1.255, since my IP address starts with these three first numbers.

Let me just type the password and here it is, 192.168.1.

This is the part that does change.

And to scan all 254 hosts inside of my network, I can just go and ping each and every one of them and see whether they respond to our pinging or not.

If they respond, they are online; if not, they are offline.

But what if I had to test more than one network?

What if I had ten more networks besides this one that I needed to test?

Am I about to try to ping every possible host from all those networks?

Of course not.

That's why we are going to use different tools to perform this much faster.

Let us try with the first tool, called ARP.

Now, ARP is a tool in Linux, but it is also a packet. ARP packets are used in discovering hosts on the network, but more about them later on once we get to the man in the middle section.

For now, just remember that they are packets for discovering hosts. Before we use this tool, make sure your Metasploitable is started up.

And in case you got some other devices that you can connect to the Internet, connect them just so we can get various output and try to figure out which IP address belongs to which host.

Now, our ARP tool works based on those ARP packets that I mentioned.

So if I type arp --help and press enter, it will tell me command not found.

Now this is because I must run the tool with sudo privileges.

So, sudo arp --help.

And here is the tool.

It doesn't have too many options.

We got -a, which displays all hosts in alternative BSD style, and -e, which displays hosts in default Linux style.

And these options down here are not something that we are interested in.

All we want to do is use this -a option.

So if I go down here, clear the screen and type sudo arp -a, it will tell me it only discovered my router. But why is that? I got my Metasploitable running.

I also got my laptop running, so it should be discovering other hosts as well.

Sometimes we must ping first before it appears right here, since this information is being read from our ARP tables.

For example, if I try to ping my Metasploitable, I will get responses back.

And if I run arp -a again now, we will see that we got an entry for the Metasploitable inside of our ARP tables.

So this tool doesn't seem to be that good for discovering hosts. Sometimes it will have all the hosts available since you already communicated with them before.

But sometimes it seems that we must ping the host first before it shows.

That's why a much better option is a tool called netdiscover. To run netdiscover we can simply type sudo netdiscover inside of the terminal, press enter, and this tool will find all of the available devices on your network on its own.

You don't have to ping anything.

You don't have to communicate with anything.

You can just leave this tool to run and it will find all the devices on your network.

So right here, it managed to find five of them.

We can see up here that it is still scanning, and it is just scanning different subnets. It already finished mine, and you can Control-C this if you already see the result, since this will scan all the usual subnets that occur in networks. Right here, we see that we captured five ARP packets, and they are ARP requests and ARP replies.

But once again, more about that later.

This just means that we managed to discover five hosts using these packets and these are those five hosts.

Let me Control-C this since it hasn't really managed to find any more hosts.

And right here, we got their IP addresses, their MAC addresses and their MAC vendor name or hostname.

So right here, I know that this is my Metasploitable, which is this one. This one, 192.168.1.7, is my host machine, or my physical machine that I'm running my Kali Linux on. These two down here are two laptops, I believe.

And this right here is my router.

And how do I know that this is my router?


Well, usually routers start with the first number: either it will be something like .0 or .1.

And just so you can be sure which IP address is your router's, you can type the command netstat -nr.

And under this Gateway column, we should see the IP address of the router, so you can see they do match.

The next step would be to go about scanning each and every one of them.

And for this, we're going to be scanning our Metasploitable.

And you can also scan your home machines just for even more practice.

See you in the next video.
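
The gateway check and the ARP-table behaviour described in the video can be combined into one inventory step. The following is an added example, not part of the original transcript: the function names are hypothetical, the output layouts assumed are those of Linux net-tools `netstat -nr` and `arp -a`, and the sample addresses and MACs are constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -nr` output (Linux net-tools layout).
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
EOF
}

# Constructed sample of `arp -a` output; the MAC addresses are made up.
sample_arp() {
cat <<'EOF'
? (192.168.1.1) at 02:00:00:aa:bb:01 [ether] on eth0
? (192.168.1.7) at 02:00:00:aa:bb:07 [ether] on eth0
? (192.168.1.9) at <incomplete> on eth0
EOF
}

# Read `netstat -nr` on stdin and print the default gateway:
# the Gateway column of the 0.0.0.0 route that carries the G flag.
default_gateway() {
  awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Read `arp -a` on stdin and print "ip mac role" per resolved entry.
# Entries marked <incomplete> never answered, so they are not counted
# as live hosts. $1 is the gateway address to label.
label_arp_cache() {
  awk -v gw="$1" '
    $3 == "at" && $4 != "<incomplete>" {
      ip = $2
      gsub(/[()]/, "", ip)
      print ip, $4, (ip == gw ? "gateway" : "host")
    }'
}

# Run against the constructed samples.
gw=$(sample_routes | default_gateway)
sample_arp | label_arp_cache "$gw"
```

On a live machine the same functions take real input, for example `netstat -nr | default_gateway`. The result only covers hosts already present in the ARP table, which is the limitation of `arp -a` noted in the video.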
