Finding hosts by querying Domain Name Servers (DNS), Active Directory, or other information databases doesn’t tell you everything you want to know about the network you’re operating on. Here’s a list of the information that you won’t usually get from a query:
Network infrastructure systems
Network access controls
Telephone switches and systems
Systems not joined to managed domains
Unauthorized cross-connections to other networks
By contrast, when you sweep a network, the information you gather often proves critical to network security. On a large network, the security team and even some of the operations team might not know about all the connections that are available ...