M100916: Non-Windows Discovery

Linux and UNIX-based systems present additional challenges when using network discovery. Unlike Windows-based systems, which can typically be discovered by a simple query of the Windows browser service, UNIX systems are only visible in the browser service if they are running SAMBA. For systems that are not running SAMBA, ManageSoft supports three additional methods of discovering and gaining forensics on non-Windows devices:

Network ping sweep


ManageSoft's ping sweep functionality relies on proven network technology to scan defined subnets for attached network devices by sequentially querying each address with a defined UDP packet and noting all devices that respond.

CIDR notation can be used to control the scope of the addresses scanned, and multiple IP ranges can be combined in a single scan.
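The following is an added example, not ManageSoft code or configuration. It shows how several CIDR ranges combine into one scan scope: overlapping and adjacent ranges are merged, each range is checked against an allow-list of authorized subnets, and the addresses to be queried are counted. The function name, the allow-list and the size cap are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: two adjacent /25s, one /26 nested in the first,
# and a separate /30. The allow-list is hypothetical.
SAMPLE_RANGES = ["10.1.0.0/25", "10.1.0.128/25", "10.1.0.64/26", "10.2.3.0/30"]
SAMPLE_AUTHORIZED = ["10.0.0.0/8"]


def plan_sweep(ranges, authorized, max_addresses=4096):
    """Merge CIDR ranges into one de-duplicated sweep scope.

    ranges        -- CIDR strings requested for the scan
    authorized    -- CIDR strings the operator may scan (assumed allow-list)
    max_addresses -- assumed safety cap on the total scope size
    Returns (merged_cidrs, address_count). Raises ValueError when a range
    is malformed, falls outside the allow-list, or the scope is too large.
    """
    allowed = [ipaddress.IPv4Network(a) for a in authorized]
    requested = []
    for text in ranges:
        # IPv4Network is strict by default: "10.0.0.5/24" (host bits set)
        # is rejected instead of being silently widened to 10.0.0.0/24.
        net = ipaddress.IPv4Network(text.strip())
        if not any(net.subnet_of(a) for a in allowed):
            raise ValueError(f"{net} is outside the authorized scope")
        requested.append(net)

    # collapse_addresses drops nested ranges and joins adjacent ones, so no
    # address is queried twice when ranges are combined in a single scan.
    merged = list(ipaddress.collapse_addresses(requested))
    total = sum(n.num_addresses for n in merged)
    if total > max_addresses:
        raise ValueError(f"scope of {total} addresses exceeds cap {max_addresses}")
    return [str(n) for n in merged], total


if __name__ == "__main__":
    scope, count = plan_sweep(SAMPLE_RANGES, SAMPLE_AUTHORIZED)
    print(f"{count} addresses in scope: {', '.join(scope)}")
```
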


Ping sweeps can be combined with port scanning to return additional information about identified network devices. ManageSoft uses the information returned from the port scan to provide operating system (OS) fingerprinting, which gives the end user a best-effort guess at the running OS.

Finally, ManageSoft supports the standard Simple Network Management Protocol (SNMP). SNMP can query SNMP providers on the network to gain additional forensics about devices and servers, including the running operating system.

These different methods combine to provide ManageSoft with comprehensive discovery ability for both Windows and non-Windows systems.
