Bird
Raised Fist0
Cybersecurityknowledge~5 mins

Reconnaissance and information gathering in Cybersecurity - Time & Space Complexity

Choose your learning style10 modes available
LearnWhyDeepVisualPracticeChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Time Complexity: Reconnaissance and information gathering
O(n * p)
Understanding Time Complexity

When gathering information about a target system, it is important to understand how the time taken grows as the amount of data or targets increases.

We want to know how the effort changes when scanning more hosts or collecting more details.

Scenario Under Consideration

Analyze the time complexity of the following reconnaissance code snippet.


for ip in ip_range:
    open_ports = scan_ports(ip)
    for port in open_ports:
        service_info = get_service_info(ip, port)
        store(service_info)
    gather_os_info(ip)

This code scans a list of IP addresses, checks open ports on each, collects service details, and gathers operating system info.

Identify Repeating Operations

Look at the loops and repeated steps:

  • Primary operation: Looping over each IP address in the range.
  • Nested operation: For each IP, scanning all open ports and gathering info on each port.
  • How many times: The outer loop runs once per IP; the inner loop runs once per open port found on that IP.
How Execution Grows With Input

As the number of IPs increases, the scanning time grows roughly in proportion to the number of IPs and the number of open ports per IP.

Input Size (IPs)Approx. Operations
10About 10 times the port scans and info gathers
100About 100 times the port scans and info gathers
1000About 1000 times the port scans and info gathers

Pattern observation: The total work grows roughly linearly with the number of IPs scanned, multiplied by the number of ports per IP.

Final Time Complexity

Time Complexity: O(n * p)

This means the time grows proportionally to the number of IP addresses (n) times the average number of open ports (p) per IP.

Common Mistake

[X] Wrong: "Scanning more IPs only slightly increases time because ports are scanned in parallel."

[OK] Correct: Even with some parallelism, each IP and port still requires time to scan, so total time grows with the total number of checks.

Interview Connect

Understanding how scanning time grows helps you plan efficient reconnaissance and shows you can think about scaling tasks in cybersecurity.

Self-Check

"What if we limited port scanning to only the top 10 common ports instead of all open ports? How would the time complexity change?"

Practice

(1/5)
1. What is the main purpose of reconnaissance in cybersecurity?
easy
A. To gather information about a target system or network
B. To fix vulnerabilities in software
C. To encrypt data for security
D. To create user accounts on a system

Solution

  1. Step 1: Understand the role of reconnaissance

    Reconnaissance is the initial phase where information about a target is collected to plan further actions.

  2. Step 2: Identify the correct purpose

    Among the options, only gathering information fits the reconnaissance phase.

  3. Final Answer:

    To gather information about a target system or network -> Option A

  4. Quick Check:

    Reconnaissance = Information gathering [OK]
Hint: Reconnaissance means collecting info first [OK]
Common Mistakes:
  • Confusing reconnaissance with fixing or attacking
  • Thinking it involves encryption
  • Assuming it creates accounts
2. Which of the following commands is commonly used for passive reconnaissance to find domain information?
easy
A. ping
B. nmap
C. whois
D. netstat

Solution

  1. Step 1: Identify passive reconnaissance tools

    Passive reconnaissance collects data without interacting directly with the target system.

  2. Step 2: Match command to passive info gathering

    The whois command queries public domain registration info without contacting the target directly.

  3. Final Answer:

    whois -> Option C

  4. Quick Check:

    Passive info tool = whois [OK]
Hint: whois shows domain info without touching target [OK]
Common Mistakes:
  • Using ping which sends packets actively
  • Confusing nmap as passive (it scans actively)
  • Thinking netstat gathers external info
3. Consider this command output from nmap -sP 192.168.1.0/30:
Host 192.168.1.1 is up
Host 192.168.1.2 is up
Host 192.168.1.3 is down
Host 192.168.1.4 is up

What does this output tell you?
medium
A. All hosts are unreachable
B. Hosts 192.168.1.1, 1.2, and 1.4 are reachable; 1.3 is not
C. Only 192.168.1.3 is reachable
D. The scan failed due to syntax error

Solution

  1. Step 1: Understand nmap ping scan output

    The -sP option checks which hosts respond to ping requests in the given IP range.

  2. Step 2: Interpret the output lines

    Hosts marked "is up" respond and are reachable; "is down" means no response.

  3. Final Answer:

    Hosts 192.168.1.1, 1.2, and 1.4 are reachable; 1.3 is not -> Option B

  4. Quick Check:

    Ping scan shows reachable hosts = 1.1, 1.2, 1.4 [OK]
Hint: Look for 'is up' = reachable hosts [OK]
Common Mistakes:
  • Assuming 'is down' means reachable
  • Thinking all hosts are unreachable
  • Confusing syntax error with normal output
4. A user runs the command nslookup example.com but gets an error saying "server can't find example.com". What is the most likely cause?
medium
A. The DNS server is unreachable or misconfigured
B. The domain example.com does not exist
C. The user typed the command incorrectly
D. The network cable is unplugged

Solution

  1. Step 1: Understand nslookup error message

    The error "server can't find" usually means the DNS server queried cannot resolve the domain.

  2. Step 2: Analyze possible causes

    If the domain exists, the likely cause is DNS server issues, not user typo or physical network problems.

  3. Final Answer:

    The DNS server is unreachable or misconfigured -> Option A

  4. Quick Check:

    DNS error = server unreachable or misconfigured [OK]
Hint: DNS errors often mean server issues, not typos [OK]
Common Mistakes:
  • Assuming domain does not exist without checking
  • Blaming user typo without evidence
  • Thinking physical cable issues cause DNS errors
5. You want to gather email addresses from a company website without alerting their security systems. Which reconnaissance method should you use?
hard
A. Active scanning with port scanners
B. Brute force login attempts
C. Sending phishing emails
D. Passive reconnaissance by analyzing public web pages

Solution

  1. Step 1: Understand active vs passive reconnaissance

    Active methods interact directly and can alert security; passive methods gather info without direct contact.

  2. Step 2: Choose method to avoid detection

    Analyzing public web pages is passive and safe for collecting emails without triggering alarms.

  3. Final Answer:

    Passive reconnaissance by analyzing public web pages -> Option D

  4. Quick Check:

    Safe info gathering = passive reconnaissance [OK]
Hint: Use passive methods to avoid detection [OK]
Common Mistakes:
  • Using active scans that trigger alerts
  • Trying brute force which is illegal and noisy
  • Confusing phishing with reconnaissance