Map network topology

A network topology is the arrangement of the various elements of a network (e.g., servers, workstations, printers, routers, firewalls, etc.). Mapping a network allows an adversary to understand how the elements are connected or related. [1] [2]

ID: T1252
Sub-techniques:  No sub-techniques
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 05 February 2019


Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Network mapping techniques/tools typically generate benign traffic that does not require further investigation by a defender since there is no actionable defense to execute. Defender review of access logs may provide some insight based on trends or patterns.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Various available tools and data sources for scouting and detecting network topologies.


  1. Linux Man Page. (n.d.). traceroute(8) - Linux man page. Retrieved April 2, 2017.
  1. A Shodan Tutorial and Primer Daniel Miessler. (n.d.). A Shodan Tutorial and Primer. Retrieved April 2, 2017.