Discovering connected clients is one of the earliest practical steps in information gathering inside a Metasploit lab. Before you scan services or test vulnerabilities, you first need to identify which systems are actually present on your lab network. In simple terms, this topic helps you answer the question: which devices are connected and reachable in my current environment? In a virtual lab setup, these devices may include your Kali Linux machine, Metasploitable, Windows 10 VM, and any other intentionally added test systems.
This step is important because many beginner issues in ethical hacking labs come from incorrect assumptions about IP addresses or network connectivity. A target may be powered off, attached to the wrong virtual network, blocked by firewall rules, or using a different IP address than expected. Discovering connected clients helps you confirm the active systems before moving forward. It also helps you verify whether your NAT Network, host-only network, or other virtual network configuration is working as planned.
In practice, discovering clients usually involves host discovery methods that identify live devices on a subnet. Depending on the course flow, you may use command-line tools, ARP-based discovery, ICMP-based checks, or other network scanning approaches. In some environments, ICMP responses (ping replies) may be blocked by firewall settings, especially on Windows systems, so you may need to rely on other discovery methods. That is why this topic is not only about “finding devices,” but also about understanding why some devices do or do not respond.
As you discover clients, it is good practice to document:
- detected IP addresses
- hostnames (if available)
- MAC addresses (if visible)
- device type assumptions (for example, likely Windows VM, Linux target)
- notes about response behaviour (ping blocked, partial response, etc.)
This information becomes the starting map for the rest of your reconnaissance and Metasploit workflow. It helps you target the correct machine and reduces mistakes such as scanning the wrong host or repeating failed attacks on a system that is not reachable.
By the end of this topic, you should be able to identify active systems in your lab network, confirm whether your target machines are online, and build a basic host inventory that supports the next stages of scanning, service detection, and authorised exploitation practice.
