 Topology Disclosure is an attack to discover how network devices are connected and which systems act as servers. For example, to determine if a secure shell server is running on Bob's system, the attacker will send some packages to check if a SSH server responds. Once the SSH server listens on TCP port 22, Bob will send a TCP SIN packet to that port. If a SSH server is running, it will react upon the reception of a TCP SIN packet by returning a TCP ACK packet. Once the attacker receives the TCP ACK packet, it knows that a SSH server is running on Bob's PC. Topology Disclosure cannot only be used to find open ports, but also to discover which operating systems and versions are installed on specific systems. A good tool to discover this is Nmap. Staphic analysis is often followed by more targeted attacks.