The sub-techniques beta is now live! Read the release blog post for more info.

Conduct passive scanning

Passive scanning is the act of looking at existing network traffic in order to identify information about the communications system. [1] [2]

ID: T1253
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Generates no network traffic that would enable detection.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Easy to do but it requires a vantage point conducive to accessing this data.


  1. Jamal Raiyn. (2014). A survey of Cyber Attack Detection Strategies. Retrieved March 5, 2017.
  1. H. P. Sanghvi and M. S. Dahiya. (2013, February). Cyber Reconnaissance: An Alarm before Cyber Attack. Retrieved March 5, 2017.