It’s a well-known saying that gathering as much information as possible about the enemy is half the work of defeating him. The same holds true when you are about to attack a target (a potential victim): the first step is to gather as much information as possible. Information gathering can be broadly classified into two categories – active and passive. In active reconnaissance, you probe the target directly to reveal information; in passive reconnaissance, the attacker extracts information indirectly, without touching the target.
Generally, an attacker seeks information about domain names, network blocks, system architecture and system enumeration via the Internet. To gain remote access to the victim’s PC, he would also seek information about the authentication mechanisms in use. If the attack is happening from within the network, the information under siege would be network protocols, TCP and UDP services, system enumeration, and the general network topology and architecture. So the network range is usually determined first, followed by discovering open ports on the target. After this, services are identified and users, workgroups, etc. are enumerated.
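The active phase described above (probing a range of ports on a host) leaves a trace on the target side: many connection attempts from one source to many distinct ports in a short time. The following Python script is an added example, not code from the article or from InfosecInstitute, showing how a defender can spot that pattern in firewall logs. The log format (`timestamp src=… dst=… dport=… action=…`), the IP addresses and the sample events are all constructed for the example; the sliding-window threshold is a hypothetical tuning choice.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed firewall-log format (hypothetical, not a real product's format):
#   2024-01-01T10:00:01 src=10.0.0.5 dst=192.168.1.10 dport=22 action=DROP
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=(\S+)$")


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, action = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def detect_port_scans(lines, window_seconds=60, threshold=10):
    """Flag (src, dst) pairs that touched >= threshold distinct destination
    ports within any window of window_seconds. Returns a dict mapping the
    flagged pair to the largest number of distinct ports seen in one window."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))

    alerts = {}
    for pair, evs in events.items():
        evs.sort()                       # order by timestamp
        in_window = Counter()            # port -> hits currently inside the window
        left = 0
        for ts, port in evs:
            in_window[port] += 1
            # Slide the left edge forward until the window is at most window_seconds wide.
            while (ts - evs[left][0]).total_seconds() > window_seconds:
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if len(in_window) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(in_window))
    return alerts


def _make_sample_lines():
    """Constructed sample traffic: one fast scanner, one benign client, one slow scanner."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    # Fast scanner: 11 distinct ports in 11 seconds.
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} src=10.0.0.5 dst=192.168.1.10 dport={p} action=DROP")
    # Benign client: many hits, but all on a single port.
    for i in range(15):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} src=10.0.0.7 dst=192.168.1.10 dport=443 action=ACCEPT")
    # Slow scanner: 12 distinct ports, one every two minutes.
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080, 5900]):
        t = (base + timedelta(seconds=120 * i)).isoformat()
        lines.append(f"{t} src=10.0.0.9 dst=192.168.1.10 dport={p} action=DROP")
    return lines


SAMPLE_LINES = _make_sample_lines()

if __name__ == "__main__":
    print("60s window :", detect_port_scans(SAMPLE_LINES, 60, 10))
    print("1h window  :", detect_port_scans(SAMPLE_LINES, 3600, 10))
```

With a 60-second window only the fast scanner is reported; the benign client never exceeds one distinct port, and the slow scanner stays below the threshold because its probes are spread out. Widening the window to an hour catches the slow scanner too, which is the usual trade-off: short windows keep the alert volume low, long windows are needed to see reconnaissance that is deliberately paced.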
Full story at InfosecInstitute.