atomic-red-team/atomics/T1016/T1016.md

# T1016 - System Network Configuration Discovery
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1016)
<blockquote>Adversaries will likely look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include [Arp](https://attack.mitre.org/software/S0099), [ipconfig](https://attack.mitre.org/software/S0100)/[ifconfig](https://attack.mitre.org/software/S0101), [nbtstat](https://attack.mitre.org/software/S0102), and [route](https://attack.mitre.org/software/S0103).

Adversaries may use the information from [System Network Configuration Discovery](https://attack.mitre.org/techniques/T1016) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.</blockquote>

## Atomic Tests

- [Atomic Test #1 - System Network Configuration Discovery](#atomic-test-1---system-network-configuration-discovery)

- [Atomic Test #2 - System Network Configuration Discovery](#atomic-test-2---system-network-configuration-discovery)


<br/>

## Atomic Test #1 - System Network Configuration Discovery
Identify network configuration information

**Supported Platforms:** Windows


#### Run it with `command_prompt`! 
```
ipconfig /all
netsh interface show
arp -a
nbtstat -n
net config
```



<br/>
<br/>

## Atomic Test #2 - System Network Configuration Discovery
Identify network configuration information

**Supported Platforms:** macOS, Linux


#### Run it with `sh`! 
```
arp -a
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
ifconfig
```



<br/>