loading
Loading content
loading
Network mapping builds a model of a network's structure: which hosts are live, how they group into subnets, what gateways and routes connect them, and where trust boundaries sit. The output is a topology you can reason about, not just a flat list of IP addresses. It answers how traffic flows and which segments can reach which.
The discipline matters on both sides of an engagement. A defender uses a map to spot segments that should be isolated but are not, or to find hosts that bridge a sensitive zone to the rest of the estate. An attacker uses the same map to plan lateral movement, tracing a path from an initial foothold toward a high-value target one reachable host at a time.
Mapping draws on several techniques. Asset discovery finds the hosts, port scanning reveals which services each one exposes, and service fingerprinting identifies the software and versions behind those ports. Together they fill in the nodes and edges of the picture.
In a Trickest workflow, you chain these stages so discovered hosts flow into scanning and fingerprinting automatically, and the map refreshes on a schedule as the network changes rather than going stale after a one-time sweep.
Related terms