netGhost recon technique 

It's essential to use this technique responsibly and with proper authorization. Attempting to probe a network without permission or for malicious purposes can be a violation of network policies and might be illegal. Always ensure you have the necessary rights and permissions to perform such troubleshooting actions on a network. 

One way to verify if a host is on the same IP subnet as you even though they have a software firewall in place is to use the ping and arp commands. Ping is a network utility that sends an ICMP echo request packet to a destination IP address and waits for an ICMP echo reply packet from that address. Arp is a network utility that displays or modifies the IP-to-MAC address translation tables used by the Address Resolution Protocol (ARP).

This technique can be a useful troubleshooting method in situations where you suspect a host is online despite reports of it being offline. Here's how it can be a helpful troubleshooting technique: 

In this scenario, two hosts are situated within the same network subnet. The host, designated by the IP address and a subnet mask of, represents the machine utilized in this demonstration. Concurrently, the target machine is identified by the IP address and shares the same subnet mask of

Within the context of this depiction, a Hyper-V virtualization environment is employed, featuring two Windows workstations.

You can do an ARP - a and list the arp table via command line interface this will display the Mac addresses that are correlated with the IP addresses that the machine is communicating with take note that there is no entry for

Next you can use the Ping command and in this example ping and this host has the Windows Firewall enabled and is blocking ICMP requests as shown in the picture

Following the occurrence of a "Ping Request Timeout,"reissue the "ARP -a" command. Upon executing this command, you will observe the presence of an entry denoted as, accompanied by its associated MAC address. This observation underscores a significant point: despite the firewall's obstruction of the ICMP request, it becomes evident that the host remains operational. Furthermore, the existence of this entry reinforces the notion that there is, in fact, a host associated with the IP address.

The host machine and target machines are presented alongside their respective IP addresses and MAC addresses. This information has been gleaned through the utilization of the "ipconfig/all" command within the terminal interface.  Take note the MAC address 00-15-5D-01-A9-05 from as it corresponds to the MAC address in the ARP table of

This process verifies that if a host is on the same IP subnet as your machine and by using Address Resolution Protocol (ARP) you can discover its MAC address, even if a software firewall is in place. This method leverages the inherent behavior of network protocols and layer 2 (Data Link Layer) addressing. 


If you've enjoyed exploring my projects and want to see more amazing creations, your support can make a big difference! By contributing, you're helping me continue to innovate and bring even more exciting projects to life.  Don't forget to like, subscribe, and follow for updates on the latest developments. Thank you for being a part of this journey! 

Click here to make a difference with your donation today!