Chapter 10. Network and Host Discovery
Finding hosts by querying Domain Name Servers (DNS), Active Directory, or other information databases doesn’t tell you everything you want to know about the network you’re operating on. Here’s a list of the information that you won’t usually get from a query:
Network infrastructure systems
Network access controls
Telephone switches and systems
Systems not joined to managed domains
Unauthorized cross-connections to other networks
By contrast, when you sweep a network, the information you gather often proves critical to network security. On a large network, the security team and even some of the operations team might not know about all the connections that are available ...