Published: 06 August 2021    Last Updated: 03 November 2022

A friend of mine mentioned recently that he has to work out subnet masks in his head for an exam and commented in reality he’d just use a subnet calculator. Whilst this is probably true, there’s a quick trick that might help if you’re calculating subnets under duress. This isn’t a full write up and offers no real explanation of why it works, it’s just pointing out a trick you may have missed which might come in handy one day!

Published: 19 October 2020    Last Updated: 03 November 2022

IPv6 is not new, RFC1883 discussed the protocol back in 1995. However, it has been updated several times, becoming a Draft Standard with RFC2460 in 1998, and an Internet Standard with RFC8200 in 2017!

If you’re wondering if there was an IPv5 the answer is sort of, in the Experimental Internet Stream Protocol, Version 2 (ST-II) which used the IP version number 5 within its packet header, that’s RFC1190. IPv7 was sort of RFC1475, IPv8 was sort of RFC1162, and for an April fools joke we go IPv9 in RFC1606.

Published: 19 October 2020    Last Updated: 03 November 2022

Before being able to determine if systems are vulnerable, it’s critical to first find as many active systems within the scope as possible and to accurately determine what services those systems expose. A common tool for use in network mapping is Nmap.

Before we start looking at the many, many, options that Nmap has, we'll take a look at a simple example. Nmap can be invoked with a target IP address and it will perform a default scan. If Nmap is invoked with administrative/root privileges it will perform a "half-open" SYN scan which is beneficial for its potential to be stealthier and faster than a "full" scan. A full-handshake scan can will be performed if administrative permissions are not granted, or optionally with the -sT flag.