I have just started studying for the CEH exam v8 and I am trying to get the core of the so-called hacking phases.
I could not totally understand the practical difference between the first two phases. In recon, a pentester should get all available info from the target. As far as I can see, it would be expected that he uses tools like nmap in order to do that. For example, he could use nmap to discover how many machines are in the network.
On the other hand, if he is using nmap to understand the network, would he not be scanning it?
I know it is a silly question and is just a matter of definition, but I really want to have a systematic understanding of pen testing.
By the way, I am using "CEH all-in-one" by Matt Walker as my main resource.