One of the many features of nmap. This feature set shows you how to utilize nmap as a ping sweep utility. 

Hping is another utility that you may use for basic ping sweeps and more advanced attacks and discovery methods, which will be discussed in later modules or as it becomes applicable. 

Although this technique is rather loud if executed in a manor that is one system after the next, this step has the potential to discover systems that may be alive and responding on the remote end.

 nmap is the defacto standard when it comes to port and service discovery and some version information gathering regarding the ports. This document will also be extended to cover the NSE (Nmap scripting engine) which can do a lot more than the standard feature set of nmap. 

 This article describes how to utilize strobe port scanner to discover which ports/services are open and listening and potentially which operating system is in use on the remote system. 

 This article describes how to utilize netcat as a basic port scanner to discover which ports/services are open and listening and potentially which operating system is in use on the remote system. 

This process helps in either testing your firewall, and also discovery of the system 1 hop passed the main firewall in your network. Understanding a firewall ACL may also help you better understand the security posture and bypass security devices! 

 Port scanning is an important step in the discovery process for a penetration test. This can tell you services the systems are utilizing, and if any information regarding that service (Version info) can be obtained and

SNMP may be utilized to gather information about a network, its topology and systems regarding (potentially) user names, versions and other information that can be utilized effectively in an attack. This information can be from up time build numbers and more! Adding this information to a penetration test can also help you select user accounts to brute force, and systems you may be well versed to exploit.