Enumerating targets on your local network will be done here using a tool called Network mapper (Nmap) and another tool called Arping. Nmap itself is the de facto standard for network assessment and can pretty much do anything Hping, Fping, and Arping can do. In many situations, especially in firewall assessments, penetration testers need to be able to fine-tune the packets that are sent and perform analysis on precisely collected data. Tools such as Hping, Fping, and Arping are perfect for this as they allow penetration testers to construct any arbitrary packets for almost any networking protocol required.

In the next section, we'll cover the Arping tool and demonstrate how it can be used to perform discovery-based ...