ICMP and IP Network Mapping Tricks Every Pentester Needs To Know

ICMP Address mask messages ICMP can be used to identify a given target host’s IP address mask (also called a subnet mask), which can be useful in distinguishing subnets within an IP address range. This is achieved by sending an ICMP address mask request to our target. Hosts that implement ICMP address mask responses may then respond with an ICMP address mask reply containing the host’s 32-bit subnet mask. Most hosts won’t respond to ICMP address mask messages, but it’s useful to know when they do as this often signifies an older TCP/IP stack in use and might indicate the presence of other vulnerabilities.

Continue reading