It is like reconnaissance because its goal is to gather useful information about the target environment to leverage potential exploits.
It helps in identifying system vulnerabilities and the local network topology.
Two types of footprinting:
1) Passive - we do not touch the network or engage with the target.
Sites we can look at for information passively:
1. Target website/log, job listings
2. Search engines
3. Whois information, registry for internet numbers, Netcraft site report
4. Social media
5. Archive[.]org - Wayback Machine
6. Press
7. Newsgroups, articles
2) Active - we use tools and probe the target to figure out what things are.
Some common footprinting practices after getting access to the network infrastructure:
1. Gathering information
2. Determining the local network's IP addressing scheme
3. Active machine identification (via ping sweeps and other methods)
4. Identifying open ports and access points
5. Determining the operating systems running on active machines
6. Mapping the local network infrastructure
7. Capturing local network traffic
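
Active footprinting is noisy, so steps 3 and 4 above (ping sweeps and open-port identification) can be spotted from the defender's side in flow or firewall logs. The following is an added example, not part of the original notes: the log format, the sample records, the function name `detect_footprinting` and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), one per line:
# "<epoch_seconds> <src_ip> <dst_ip> <proto> <dst_port>"; ICMP echo uses port 0.
SAMPLE_FLOWS = (
    [f"{1000 + i} 10.0.0.50 10.0.0.{i} icmp 0" for i in range(1, 21)]   # 20 hosts pinged
    + [f"{2000 + p} 10.0.0.60 10.0.0.5 tcp {p}" for p in range(20, 45)]  # 25 ports on one host
    + ["3000 10.0.0.7 10.0.0.5 tcp 443",                                 # ordinary traffic
       "3001 10.0.0.7 10.0.0.5 tcp 443",
       "3002 10.0.0.8 10.0.0.9 icmp 0"]
)


def detect_footprinting(lines, window=60, host_threshold=10, port_threshold=15):
    """Return {src_ip: {"ping_sweep", "port_scan"}} for sources over threshold.

    ping_sweep: ICMP to >= host_threshold distinct hosts within `window` seconds.
    port_scan:  >= port_threshold distinct ports on one host within `window` seconds.
    """
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, proto, port = line.split()
        by_src[src].append((int(ts), dst, proto, int(port)))

    findings = defaultdict(set)
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            pinged_hosts = set()
            ports_per_host = defaultdict(set)
            for _, dst, proto, port in events[start:end + 1]:
                if proto == "icmp":
                    pinged_hosts.add(dst)
                else:
                    ports_per_host[dst].add((proto, port))
            if len(pinged_hosts) >= host_threshold:
                findings[src].add("ping_sweep")
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                findings[src].add("port_scan")
    return dict(findings)


if __name__ == "__main__":
    for src, kinds in sorted(detect_footprinting(SAMPLE_FLOWS).items()):
        print(src, sorted(kinds))
```

The 60-second window and both thresholds are assumed values; tune them against baseline traffic on your own network before alerting on the results.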