Adversaries may perform network connection enumeration to discover information about device communication patterns. If an adversary can inspect the state of a network connection with tools, such as Netstat, in conjunction with System Firmware, then they can determine the role of certain devices on the network. The adversary can also use Network Sniffing to watch network traffic for details about the source, destination, protocol, and content.
|ID||Mitigation||Description|
|M0816||Mitigation Limited or Not Effective||Network connection enumeration is likely obtained by using common system tools (e.g., netstat, ipconfig).|
|ID||Data Source||Data Component|
|DS0009||Process||OS API Execution|
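
Because the tools involved are common system utilities, one way to review their use is against a baseline of which accounts are expected to run them on which hosts. The following is an added example, not part of the original page: it assumes process-creation records are collected in a constructed key=value format, and the host names, accounts and baseline are made up for illustration.

```python
import ntpath
import re

# Tools the page names; matched on the executable's base name.
ENUM_TOOLS = {"netstat", "ipconfig"}
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample: process-creation records in a made-up key=value format.
SAMPLE_LOG = r'''
ts=2024-05-01T08:00:03Z host=ENG-WS01 user=jsmith image="C:\Windows\System32\NETSTAT.EXE" args="-ano"
ts=2024-05-01T08:14:40Z host=HMI-02 user=svc_hmi image="C:\Windows\System32\ipconfig.exe" args="/all"
ts=2024-05-01T08:14:42Z host=HMI-02 user=svc_hmi image="C:\Windows\System32\netstat.exe" args="-an"
ts=2024-05-01T08:20:00Z host=HMI-02 user=svc_hmi image="C:\HMI\trend.exe" args=""
'''


def parse(line):
    """Split one record into a dict; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def tool_name(image):
    """Base name of a Windows path, lower-cased, without the extension."""
    return ntpath.splitext(ntpath.basename(image))[0].lower()


def flag_enumeration(log_text, baseline):
    """Return (host, user, tool, ts) for tool runs outside the baseline.

    baseline is a set of lower-cased (host, user) pairs expected to run
    these tools, e.g. engineers on engineering workstations (assumption).
    """
    hits = []
    for line in log_text.splitlines():
        event = parse(line)
        if not event.get("image"):
            continue  # blank or unrelated line
        tool = tool_name(event["image"])
        who = (event.get("host", "").lower(), event.get("user", "").lower())
        if tool in ENUM_TOOLS and who not in baseline:
            hits.append((event["host"], event["user"], tool, event["ts"]))
    return hits


if __name__ == "__main__":
    for hit in flag_enumeration(SAMPLE_LOG, {("eng-ws01", "jsmith")}):
        print(hit)
```
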