Conduct passive scanning

Passive scanning is the act of looking at existing network traffic in order to identify information about the communications system. [1] [2]

ID: T1253
Sub-techniques:  No sub-techniques
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Generates no network traffic that would enable detection.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Easy to do but it requires a vantage point conducive to accessing this data.


  1. Jamal Raiyn. (2014). A survey of Cyber Attack Detection Strategies. Retrieved March 5, 2017.
  1. H. P. Sanghvi and M. S. Dahiya. (2013, February). Cyber Reconnaissance: An Alarm before Cyber Attack. Retrieved March 5, 2017.