Map network topology
A network topology is the arrangement of the various elements of a network (e.g., servers, workstations, printers, routers, firewalls, etc.). Mapping a network allows an adversary to understand how the elements are connected or related.  
Tactic: Technical Information Gathering
DetectionDetectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Network mapping techniques/tools typically generate benign traffic that does not require further investigation by a defender since there is no actionable defense to execute. Defender review of access logs may provide some insight based on trends or patterns.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Various available tools and data sources for scouting and detecting network topologies.
- Linux Man Page. (n.d.). traceroute(8) - Linux man page. Retrieved April 2, 2017.
- [A Shodan Tutorial and Primer Daniel Miessler. (n.d.). A Shodan Tutorial and Primer. Retrieved April 2, 2017.