Map network topology

From pre-attack
Jump to: navigation, search

Map network topology
ID PRE-T1029
Tactic Technical Information Gathering


A network topology is the arrangement of the various elements of a network (e.g., servers, workstations, printers, routers, firewalls, etc.). Mapping a network allows an adversary to understand how the elements are connected or related.12

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Various available tools and data sources for scouting and detecting network topologies.


Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Network mapping techniques/tools typically generate benign traffic that does not require further investigation by a defender since there is no actionable defense to execute. Defender review of access logs may provide some insight based on trends or patterns.


  1. ^  [A Shodan Tutorial and Primer Daniel Miessler. (n.d.). A Shodan Tutorial and Primer. Retrieved April 2, 2017.]