Discover hosts within server from compromised machine, this is part of the lateral movement session, before Port Forwarding and Tunneling.

Using `fping`

fping -agq 10.10.10.0/24

-a: shows systems that are alive.
-g: generates a target list from a supplied IP netmask.
-q: quiet mode, doesn’t show per-probe results or ICMP error messages.

Using `nmap`

nmap -sn 10.211.11.0/24

-sn: Ping scan to determine which hosts are up without port scanning.