Network Footprinting

1.9 Network Footprinting

My resume of module 02 footprinting form CEH material

The next step after retrieving the DNS information is gathering network-related information. We will now discuss network footprinting, a method of gathering network-related information. This section describes how to locate network range, determine the OS, Traceroute, and the Traceroute tools.

Locate the Network Range

One needs to gather basic and important information about the target organization such as what the organization does, who works there, and what type of work they perform in order to perform a network footprinting. The answers to these questions provide information about the internal structure of the target network.

After gathering the information, an attacker can proceed to find the network range of a target system. Detailed information is available from the appropriate regional registry database regarding IP allocation and the nature of the allocation. An attacker can also determine the subnet mask of the domain, and trace the route between the system and the target system. Traceroute tools that are widely used include Path Analyzer Pro and VisualRoute.

Obtaining private IP addresses can be useful to rogues. The Internet Assigned Numbers Authority (‘IANA’) has reserved the following three blocks of the IP address space for private Internets: (10/8 prefix), (172.16/12 prefix), and (192.168/16 prefix).

Using the network range, the attacker can get the information about how the network is structured, which machines in the networks are alive. Using the network range also helps to identify the network topology, access control device, and OS used in the target network. To find the network range of the target network, one needs to enter the server IP address (that was gathered in Whois footprinting) in the ARIN Whois database search tool. A user can also visit the ARIN website ( and enter the server IP in the SEARCH Whois text box. This gives the network range of the target network. Improperly set up DNS servers offer the attacker a good chance of obtaining a list of internal machines on the server. In addition, sometimes if an attacker traces a route to a machine, it is sometimes possible to obtain the internal IP address of the gateway, which can be useful.

Attackers typically use more than one tool to obtain network information, as a single tool cannot deliver all of the required information.

Traceroute Tools

Traceroute tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network. Such tools help us to trace, identify, and monitor the network activity on a world map. Some of the features of these tools include:

  • Hop-by-hop traceroutes
  • Ping plotting
  • Reverse tracing
  • Port probing
  • Historical analysis
  • Detect network problems
  • Packet loss reporting
  • Performance metrics analysis
  • Reverse DNS
  • Network performance monitoring

Similar to Traceroute, Path Analyzer Pro and VisualRoute are two tools that trace the target host in a network.