Scanning the Target OS (Part 1)

Scanning the target operating system is the next step after discovering connected clients in your Metasploit lab. Once you know which machines are online, you need to understand what is running on the target system. This includes identifying open ports, listening services, and early clues about the target operating system. In a lab environment, this step is essential because it helps you move from basic network visibility to a technical understanding of the target before using Metasploit modules.

Part 1 usually focuses on foundational scanning concepts and safe scan execution. The goal is not to attack the target immediately, but to build a reliable profile of what is exposed. When you scan a target OS, you are essentially asking: Which ports are open? Which services are responding? Which protocols are in use? Do the responses suggest a Linux system, a Windows system, or something else? These answers help you decide what to investigate further in later steps.

In a Metasploit practice lab, target systems such as Metasploitable or a Windows virtual machine may expose common services like FTP, SSH, Telnet, HTTP, SMB, or RDP. A structured scan helps you find these services instead of guessing. It also helps you avoid wasting time trying unrelated exploits. For example, if a service is not running or a port is closed, there is no reason to test modules that depend on that service. This is one of the most important lessons in ethical hacking: accurate scanning improves precision and reduces noise.

Part 1 also helps you build good scanning habits. You should confirm the target IP address before scanning, ensure the target machine is powered on, and verify that your lab network is working. If scan results look unusual, the issue may be connectivity, firewall filtering, or an incorrect network configuration rather than the target itself. This is why scanning is both a technical step and a troubleshooting step.

As you perform the scan, document the results carefully. You should note:

  • target IP address
  • open ports discovered
  • detected services and versions (if available)
  • filtered or closed ports (if relevant)
  • any unusual banners or responses
  • early operating system clues

These notes become the foundation for deeper enumeration and exploitation planning in later topics. By the end of Part 1, you should be able to run a basic target scan in your authorised lab, interpret the initial results, and build a clean service map that supports the next stage of OS scanning and service analysis.
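An added example (not part of the original course material) of turning raw scan output into the notes listed above. It assumes the lab scan was saved as Nmap XML (`-oX`), a tool choice this page does not name; the XML sample and the `service_map` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed Nmap XML report for one lab host (documentation address).
SAMPLE_XML = """<nmaprun>
<host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <extraports state="closed" count="996"/>
    <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="4.7p1" ostype="Linux"/></port>
    <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
  </ports>
  <os><osmatch name="Linux 2.6.X" accuracy="95"/></os>
</host>
</nmaprun>"""

def service_map(xml_text):
    """Return one note record per scanned host, mirroring the checklist above."""
    notes = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        rec = {"target": addr.get("addr") if addr is not None else "unknown",
               "open": [], "not_open": {}, "os_clues": set()}
        for extra in host.iter("extraports"):
            # Ports the scanner summarised by state instead of listing one by one.
            rec["not_open"][extra.get("state")] = int(extra.get("count", 0))
        for port in host.iter("port"):
            state_el, svc = port.find("state"), port.find("service")
            state = state_el.get("state") if state_el is not None else "unknown"
            attrs = svc.attrib if svc is not None else {}
            if state != "open":
                # Filtered/closed ports are counted: they often point to a firewall or lab issue.
                rec["not_open"][state] = rec["not_open"].get(state, 0) + 1
                continue
            version = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            rec["open"].append((f'{port.get("portid")}/{port.get("protocol")}',
                                attrs.get("name", "unknown"), version or "version not detected"))
            if attrs.get("ostype"):
                rec["os_clues"].add(f'service ostype: {attrs["ostype"]}')
        for match in host.iter("osmatch"):
            rec["os_clues"].add(f'{match.get("name")} ({match.get("accuracy")}%)')
        rec["os_clues"] = sorted(rec["os_clues"])
        notes.append(rec)
    return notes

if __name__ == "__main__":
    for rec in service_map(SAMPLE_XML):
        print(rec["target"], rec["open"], rec["not_open"], rec["os_clues"], sep="\n  ")
```

Services reported without a product or version are kept and marked "version not detected", so gaps in the scan stay visible in the notes instead of being dropped.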
