An attacker engages in network reconnaissance operations to gather
						information about a target network or its hosts. Network Reconnaissance
						techniques can range from stealthy to noisy and utilize different tools and
						methods depending upon the scope of the reconnaissance. Some techniques may
						target single hosts while others are used against entire network address
						ranges, such as a CIDR class C or B network. In general, reconnaissance
						activities fall into 5 distinct categories.1. Host Discovery: The ICMP methods, as well as messages of other
							protocol types, commonly UDP and TCP, to determine if a host is active
							on an IP address.2. Port Scanning: The application of various methods to determine the
							status of the ports on the remote device. Each machine can have a
							possible 65535 UDP and TCP ports that provide a service to network
							clients. The goal of port scanning is to determine which ports on a
							machine are open, as well as which ports are firewalled or
							filtered.3. Operating System Fingerprinting: use of various probing methods to
							determine idiosyncratic behaviors of a remote device that allow the
							attacker to determine the operating system. Although networking
							protocols are governed by standards, each operating system exhibits
							unique characteristics of its implementation of these standards. By
							sending malformed packets or datagrams an attacker can solicit responses
							from an device that allow a highly reliable inference about its
							operating system.4. Service Enumeration: Application-layer services can run on
							arbitrary ports, so an attacker must probe or interact with a remote
							port in order to obtain a fingerprint or signature of the application or
							protocol daemon using the port for communication.5. Firewall Auditing: An attacker uses a number of techniques to
							determine which types of data can be infiltrated or exfiltrated through
							a firewall. These techniques require a responsive host protected by a
							firewall so that the attacker can map out which types of protocols and
							message types reach the' host or hosts and generate a response.