Nmap is an excellent utility for the reconnaissance phase because it lets you collect information such as: which IP addresses are live on the network (i.e., which IPs have hosts running on them); which ports are open on these IP addresses; which services are running on the open ports (...