A network segment is a group of computers connected using a shared medium. eg. the Ethernet switch or WiFi access point.
In an IP network, a subnetwork (subnet) is usually the equivalent of one or more network segments connected together and configured to use the same router.
The network segment refers to a physical connection, while a subnetwork refers to a logical connection.
A subnetwork has its own IP address range and is connected to a more extensive network via a router. There might be a firewall enforcing security policies depending on each network.
The figure above shows two types of subnets:
- Subnets with
/16- the subnet mask can be written as
255.255.0.0. This subnet can have around 65k hosts.
- Subnets with
/24- the subnet mask can be expressed as
255.255.255.0. This subnet can have around 250 hosts.
As part of active-recce, we want to discover more information about a group of hosts or about a subnet.
# Same subnet scanning
If you are connected to the same subnet, you would expect your scanner to rely on ARP queries to discover live hosts within that subnet (eg. Network A at
# Different subnet scanning
If we are connectied to a subnet different from the subnet of the target system, all packets generated by your scanner will be routed via the default gateway (router) to reach the systems on another subnet.
The ARP queries won’t be routed and hence cannot cross the subnet router. ARP is a link-layer protocol, and ARP packets are bound to their subnet.
Click on the “View Site” button to start the network simulator. We will use this simulator to answer the questions in tasks 2, 4, and 5.
Answer the questions below
Send a packet with the following:
- From computer1
- To computer1 (to indicate it is broadcast)
- Packet Type: “ARP Request”
- Data: computer6 (because we are asking for computer6 MAC address using ARP Request)