eJPT Day 4: Footprinting & Network Scanning, from OSI Model to Real-World Nmap Techniques
When people start learning penetration testing, many jump straight into tools. But Day 4 of my eJPT preparation showed me something important:
Without understanding networking fundamentals, scanning is just noise.
This phase focused on assessment methodologies, including footprinting and scanning, combining theoretical concepts (OSI model, TCP/IP) with practical Nmap techniques used in real-world security assessments.
Why Footprinting & Scanning Matter in Penetration Testing
Before exploitation begins, a penetration tester must answer key questions:
- Which hosts are alive?
- Which ports are open?
- What services are running?
- What operating systems are present?
This process is known as network footprinting and scanning, and it directly influences the success of later attack stages.
From a defensive perspective, this is also where attackers become visible on the network.
Networking Fundamentals: The Real Foundation
The course started with a strong networking primer covering:
🔹 The OSI Model
Understanding the OSI layers clarified how scanning techniques operate:
- Network Layer → IP addressing and routing; this is where the target ranges live and where ICMP-based host discovery operates
- Transport Layer → TCP and UDP; port states are inferred from how a target answers a TCP SYN or a UDP datagram
- Application Layer → banners and protocol behaviour that service and version detection rely on
Instead of memorizing layers, I began seeing them as a map for how reconnaissance travels across a network.
🔹 TCP, UDP, and ICMP
Each protocol plays a role in scanning:
- TCP's three-way handshake is what makes a SYN scan work: a SYN/ACK reply means the port is open, a RST means it is closed, and no reply usually means a firewall dropped the probe
- UDP has no handshake, so an open port may not answer at all; Nmap reports such ports as open|filtered and has to wait on timeouts and rate-limited ICMP port-unreachable replies, which is why UDP scans are slow
- ICMP echo requests identify live hosts during discovery (Nmap also sends an ICMP timestamp request, a TCP SYN to 443 and a TCP ACK to 80 when run with raw-socket privileges)
This reinforced how protocol knowledge directly impacts scanning accuracy and stealth.
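To make the TCP part of this concrete, here is an added example (my own code, not material from the course or from Nmap): a connect() scan that labels ports open, closed or filtered from the same three outcomes a SYN scan reads off the wire. Nmap's default -sS sends a raw SYN and never completes the handshake, which needs root; this example uses connect() instead, which is what Nmap -sT does, so the kernel completes the handshake and the service can log the connection. The listener it scans is started locally and exists only for the demo.

```python
"""Added example (not from the course or Nmap): a connect() scan whose port
states mirror how Nmap interprets TCP replies.

SYN scan (-sS): SYN/ACK -> open, RST -> closed, silence or ICMP unreachable -> filtered.
connect() scan (-sT) sees the same three outcomes through the kernel's error codes,
at the cost of a completed handshake that the target service can log.
"""
import errno
import socket
import threading

TARGET = "127.0.0.1"  # demo target: the listener below is constructed for this example


def classify_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return Nmap-style 'open', 'closed' or 'filtered' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))          # handshake completed: a SYN/ACK came back
        return "open"
    except ConnectionRefusedError:          # RST came back: nothing is listening
        return "closed"
    except (socket.timeout, TimeoutError):  # no answer: dropped by a firewall or host down
        return "filtered"
    except OSError as exc:
        # ICMP host/network unreachable is also reported as filtered by Nmap
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def connect_scan(host: str, ports, timeout: float = 1.0) -> dict:
    """Scan several ports and return {port: state}."""
    return {port: classify_port(host, port, timeout) for port in ports}


def start_listener(host: str = TARGET) -> socket.socket:
    """Constructed target: an accept-and-close server on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed: stop the thread
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv


def pick_closed_port(host: str = TARGET) -> int:
    """Bind and release an ephemeral port so we know nothing listens on it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv = start_listener()
    open_port = srv.getsockname()[1]
    for port, state in connect_scan(TARGET, [open_port, pick_closed_port()]).items():
        print(f"{port}/tcp {state}")
    srv.close()
```

The "filtered" branch is the one that needs the most care in practice: a short timeout against a slow or distant network turns open ports into false "filtered" results, which is why Nmap adapts its probe timeouts instead of using a fixed one.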
Host Discovery: Finding Live Systems
Before deep scanning, testers must identify which hosts are active.
Techniques learned included:
- Network mapping concepts (scoping the target ranges before sending a single packet)
- Ping sweeps, and why ICMP alone misses hosts that sit behind a firewall that drops echo requests
- Nmap host discovery options: `-sn` for discovery without a port scan, `-PE`/`-PS`/`-PA` to choose ICMP, TCP SYN or TCP ACK probes, ARP requests on the local segment, and `-Pn` to skip discovery and treat every address as up
Host discovery reduces unnecessary noise and helps build an accurate picture of the environment.
From a SOC perspective, repeated discovery attempts may indicate early reconnaissance activity.
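To show what that reconnaissance looks like from the SOC side, here is an added example (my own code, not from the course): a small sweep detector that flags any source reaching many distinct destinations within a short window. The log lines it reads are constructed for the example and only loosely follow the SRC=/DST=/PROTO= fields of netfilter LOG messages; the threshold of ten hosts in sixty seconds is an assumption, not a recommended tuning.

```python
"""Added example (not from the course): a minimal ping-sweep detector.

Host discovery sends a few probes to every address in a range, so the
signature in a firewall log is the fan-out (one source, many distinct
destinations in a short time), not the probe type.  The sample log is
constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
)


def parse_line(line: str):
    """Return (timestamp, src, dst, proto) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["dst"], m["proto"]


def detect_sweeps(lines, window=timedelta(seconds=60), threshold=10) -> dict:
    """Flag sources that reach >= threshold distinct destinations inside window.

    Lines must be in time order.  Returns {src: (window_start, distinct_hosts)}
    captured at the moment the threshold is first crossed.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, _proto = parsed
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop events that aged out of the window
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = (q[0][0], len(distinct))
    return alerts


def build_sample_log() -> list:
    """Constructed log: a monitoring host pinging two servers every second, and a
    scanner walking 10.10.10.1-12 one address per second.  Raw count alone would
    flag the monitor; distinct-destination counting flags only the scanner."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{ts} fw1 kernel: IN=eth0 OUT= SRC={src} DST={dst} PROTO={proto} TYPE=8 CODE=0"
    events = []
    for i in range(30):
        ts = base + timedelta(seconds=i)
        events.append((ts, fmt.format(ts=ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
                                      src="10.10.10.200", dst=f"10.10.10.{1 + i % 2}",
                                      proto="ICMP")))
    for i in range(12):
        ts = base + timedelta(seconds=5 + i)
        events.append((ts, fmt.format(ts=ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
                                      src="10.10.14.7", dst=f"10.10.10.{1 + i}",
                                      proto="ICMP")))
    return [line for _, line in sorted(events, key=lambda e: e[0])]


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for src, (start, count) in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible sweep from {src}: {count} distinct hosts since {start:%H:%M:%S}")
```

Counting distinct destinations rather than raw packets is what keeps the monitoring host out of the alert; a scanner that slows itself down below the window (Nmap's slower timing templates do exactly that) is the evasion this simple rule does not catch.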
Port Scanning: Mapping the Attack Surface
Port scanning moves beyond identifying hosts; it reveals exposed services.
Key areas explored:
- TCP SYN scanning (`-sS`, Nmap's default with raw-socket privileges; it never completes the handshake, so the target service sees no connection)
- UDP scanning (`-sU`, slow because unanswered probes end up as open|filtered)
- Service version detection (`-sV`, which talks to each open port to read banners and protocol responses)
- Operating system fingerprinting (`-O`, which needs at least one open and one closed TCP port to be reliable)
Each open port represents a potential entry point.
This stage made it clear that scanning is not just technical; choosing which ports to probe (Nmap scans the 1,000 most common by default, `-p-` covers all 65,535) and how loudly is a strategic decision.
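What a tester does with the scan afterwards matters as much as the scan itself, so here is an added example (my own code, not the course's or Nmap's) that parses Nmap's grepable output (`-oG`) into an attack-surface inventory and keeps confirmed-open ports separate from the ambiguous UDP open|filtered ones. The sample scan output is constructed: hosts, ports and version strings are invented, though the field layout follows the real .gnmap format.

```python
"""Added example (not from the course or Nmap): turn Nmap grepable output
(-oG) into an attack-surface inventory.

Each entry in a 'Ports:' field is
    port/state/protocol/owner/service/rpc info/version/
and entries are separated by ', '.  The sample below is constructed.
"""
import re
from dataclasses import dataclass

SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated Wed May  1 10:00:00 2024 as: "
    "nmap -sS -sU -sV -oG scan.gnmap 10.10.10.0/24\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.6/, "
    "80/open/tcp//http//Apache httpd 2.4.52/, 445/filtered/tcp//microsoft-ds///"
    "\tIgnored State: closed (997)\n"
    "Host: 10.10.10.9 ()\tStatus: Up\n"
    "Host: 10.10.10.9 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/, "
    "53/open|filtered/udp//domain///\tIgnored State: closed (998)\n"
    "# Nmap done at Wed May  1 10:04:31 2024 -- 256 IP addresses (2 hosts up) "
    "scanned in 271.13 seconds\n"
)

HOST_RE = re.compile(r"^Host: (\S+)")


@dataclass(frozen=True)
class PortEntry:
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_gnmap(text: str) -> list:
    """Extract one PortEntry per port listed in the 'Ports:' lines."""
    entries = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue  # comments and 'Status:' lines carry no port data
        host = HOST_RE.match(line).group(1)
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for raw in ports_field.split(", "):
            fields = raw.split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            entries.append(PortEntry(host, int(port), proto, state, service, version))
    return entries


def open_ports(entries) -> dict:
    """{host: [(port, proto, service, version), ...]} for confirmed-open ports only."""
    surface = {}
    for e in entries:
        if e.state == "open":
            surface.setdefault(e.host, []).append((e.port, e.proto, e.service, e.version))
    return surface


def ambiguous_ports(entries) -> list:
    """Ports Nmap could not resolve: open|filtered means the probe got no reply."""
    return [(e.host, e.port, e.proto) for e in entries if e.state == "open|filtered"]


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    for host, ports in open_ports(parsed).items():
        for port, proto, service, version in ports:
            print(f"{host:<12} {port}/{proto:<4} {service:<14} {version}")
    for host, port, proto in ambiguous_ports(parsed):
        print(f"{host:<12} {port}/{proto:<4} needs a follow-up probe (open|filtered)")
```

Keeping open|filtered results in a separate list is deliberate: treating them as open inflates the attack surface, while dropping them hides a possibly exposed DNS or SNMP service. A targeted `-sUV` against just those ports is the usual follow-up.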
Nmap Scripting Engine (NSE): Automation in Reconnaissance
One of the most powerful topics of the day was the Nmap Scripting Engine (NSE).
NSE allows testers to automate tasks such as:
- Service enumeration (the `default` category, run with `-sC` or `--script=default`)
- Vulnerability checks (the `vuln` category, and the `brute` scripts for credential guessing)
- Information gathering (the `discovery` category; `--script-help <name>` explains what any script sends)
Instead of running multiple tools separately, NSE turns Nmap into a flexible reconnaissance platform.
However, automation also increases visibility: scripts in the `intrusive`, `brute` and `vuln` categories open many connections and send unusual payloads, which is exactly what service logs and IDS signatures pick up.
Security Takeaway
Day 4 changed how I view scanning.
It's not just about running commands; it's about understanding how networks respond and how defenders detect abnormal traffic.
Strong networking knowledge transforms tools into strategy.
Final Thoughts
This stage of eJPT preparation felt like moving from beginner concepts into structured technical assessment workflows.
Learning the OSI model, protocols, and Nmap techniques together helped me understand both sides of cybersecurity:
- How attackers map environments
- How defenders detect and respond to reconnaissance
I'll continue documenting my learning journey as I move deeper into practical penetration testing.