Network pen testing assesses network security — external (internet-facing attack surface) and internal (assuming breach inside perimeter) assessments.
External: Nmap scan exposed services → banner grab → CVE lookup → exploit unpatched services. Internal: enumerate AD, find misconfigs, escalate privileges. Segmentation testing: verify VLANs actually isolate traffic. Wireless assessment: test AP security, rogue AP detection.