Determining the host names and IP addresses of all systems, servers, and nodes connected to a network is a very important part of any footprinting process. Commands such as dig can be used to perform zone transfers of DNS records. The information obtained can then be used to create network diagrams and to establish a clear picture of how the network is organized: for instance, how many hosts are on the network and how many subnets have been created.
Consider the following example, in which mit.edu is used to demonstrate how to conduct a zone transfer and to show the kind of information that may be collected as a result. If mit.edu no longer works when this technique is applied, that is because universities keep tightening their security measures; this is something that is always evolving and cannot be relied upon to stay as it is forever. The method is to boot a computer into Linux with a BackTrack DVD, open the Konsole shell, type dig mit.edu at the command prompt and press Enter. A screen is displayed that lists, among other things, the name servers, shown as "NS": BITSY.mit.edu, STRAWB.mit.edu, and W2ONS.mit.edu. Of course, this information may also change over time. To perform the zone transfer against one of these servers, type, for example, dig @BITSY.mit.edu mit.edu axfr. The argument after @ is the server to query and the second argument is the domain whose zone is being transferred. After a short wait, the screen shows records in the thousands. The transfer can be stopped with Ctrl+C or allowed to continue until the complete transfer finishes with a summary at the end. Run the transfer again with | less appended to the previous command so that the output is paged; additional records can then be viewed by pressing Enter or Spacebar.