top of page


Network discovery is the process through which computers and network devices able to find each other. It enables network devices over a local network to connect and communicate with other devices. In penetration testing, this progress also known as scanning. It is a method in which the penetration tester use a various of tools to try and find available device connected the network that he manage to tap into or connected. After device is scan and identified, the penetration tester will move to the next step which is information gathering on the target selected or aimed.

In this post I am going to introduce a few tools in both windows and kali linux operating system to perform scanning over the militarized zone which I have setup earlier (if you missed the setup progress, feel free to check out my previous post)

On Windows Operating System Platform:

Tools used:

  1. Solarwinds port scanner

  2. LanSweepers

Solarwind port scanner

Open your web browser (in my case it is google chrome), search for solarwind port scanner, click on the highlighted result


Fill in all the necessary information, then click PROCEED TO FREE DOWNLOAD

Click DOWNLOAD NOW to begin download

After download is complete, right click on the compress download file and click extract all to extract it with any unzip tools

Click Extract

Go to the directory where you extract the file, right click on portscanner application and click Run as administrator to begin installation.

Tick I accept the terms of the license agreement and click ACCEPT

Key in the IP address range of the network connected by the target or hostname of the target if you know the hostname of the target’s PC, port range is required as well, then click SCAN on the bottom to begin scanning

Select active host in the drop-down menu as highlighted in the picture shown above

On your right you can see the hostname of the device scanned, as well as its open port

Port number, protocol and status are listed as well

Above are the active host with its respective hostname and open port based on my setup from previous post (feel free to check that out if you missed that)

LAN sweeper:

Open your web browser, search for LAN sweeper, click on the second result as shown in the picture.

Enter email address then click Download Lansweeper to start download lansweeper.

Wait for the download to be complete

Go to the email account which you have key in earlier at the lansweeper download page, you will noticed an email regarding unlock your installation, click on Grab Your Key.

It will direct you to a new page, copy the key as listed

Right click on the downloaded LansweeperSetup application and click Run as administrator.

Click Next

Click I Agree

Tick easy install and click Next

Click next

Click Install

Click Finish

Launch the lansweeper

Tick I have a key and paste the product key which you have copied earlier.

Click Next

Key in the IP range based on your network interface then click Next

If you are unsure what kind of asset is under the network, just leave it as default and click next

Click next

Key in the credential (local account), or you can just key in .\Administrator for windows computer then click skip

Key in root for linux computer then click skip

Click next

Click skip


Scanning has started

Result can be seen on your right under Last seen asset tab

Hostname, domain name and IP address are listed in the result

On Kali Linux platform, we will use other tools to start perform scanning on the target.

Tools used in this post:

  1. Zenmap

  2. Sparta

  3. Arp-scan

Key in the target (network or the target connect to follow by / and the subnet mask) in this case the target is connected under the network and the subnet mask is 24. Click on Scan to start scanning.

When the scanning is complete, on your left you can see a lot of host listed under the host tab, click on any of them to view details information about it on your right. Details such as IP address and open port, protocol name could be gathered via this scan.

Key in the target (network or the target connect to follow by / and the subnet mask) in this case the target is connected under the network and the subnet mask is 24. Click Add to scope


to show live host in the subnet

16 views0 comments


bottom of page