ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of Network Sniffing

Technique Detected: Network Sniffing | T0842

ID: DET0800

Domains: ICS

Analytics: AN1932

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Version Permalink

Live Version

Analytics

AN1932

Monitor for newly executed processes that can aid in sniffing network traffic to capture information about an environment.
Monitor executed commands and arguments for actions that aid in sniffing network traffic to capture information about an environment.

Log Sources

Data Component	Name	Channel
Process Creation (DC0032)	Process	None
Command Execution (DC0064)	Command	None