The Art of Reconnaissance

An August 2001 SANS whitepaper titled “The Art of Reconnaissance – Simple Techniques”, by Sai Bhamidipati, discusses a step-by-step approach to basic reconnaissance.

Basic Reconnaissance –

Step 1: DNS
Tools: whois and host queries to yield contact information of target website

Step 2: IP Addresses
Tools: whois queries to yield public server IPs of the target website

Step 3: Tracing IP
Tools: tracert / traceroute queries to detect the routers and locations of hops

Further Reconnaissance-

1. Ping Sweeps, Fingerprinting, and Port Scanning
Tools: ping, ICMP echos, finger queries, nmap

2. Fingerprinting detected services
Tools: ftp, telnet commands


Reconnaissance tools are available freely and are at the hackers disposal. Security professionals should invest time and effort in using and mastering them to view their networks through the eyes of hackers and cover up all chinks in the armor.


Use the above commands and tools only on servers that you have explicit permission to play with.


Bhamidipati, S. (2001). The Art of Reconnaissance – Simple Techniques. Retrieved from