Attackers generally abuse the network “rules” established by security policies. The rules are broken in such a way that attackers send their traffic that appears to be normal traffic. Attacks can be classified as:
Reconnaissance is an attacker's activity of collecting information about a network, its structure, and the hardware and software it uses to launch a successful attack.
Reconnaissance is not an attack by itself; however, this could cause a serious security threat by allowing the weaknesses of the network or network resources to be made known to the attacker. This is more an information-gathering mission. Moreover, it usually undergoes undetected since it doesn't have immediate, noticeable effect on the network.