CAPEC-292 - Host Discovery

An attacker sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. An attacker usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal of the attacker is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the attacker can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep' where a particular kind of ping is sent to a range of IP addresses.






  • Scopes 2
  • "Varies by context"
  • Confidentiality
  • Hide activities
  • Bypass protection mechanism
  • Authorization
  • Access_Control
  • Confidentiality

A network capable of routing the attackers' packets to the destination network.

The resources required will differ based upon the type of host discovery being performed. Usually a scanner or scanning script is required due to the volume of requests that must be generated.