Komodo Labs Forums

Slitheris Network Discovery => Slitheris Network Discovery - Support & General Discussion => Topic started by: JeffWilson76 on April 01, 2016, 11:49:05 PM

Title: Great products Komodo labs!
Post by: JeffWilson76 on April 01, 2016, 11:49:05 PM

I'm just an IT guy and part-time consultant and thought I'd reach out about Newt & Slitheris as I just received your spring updates to them. I've purchased licenses for both so I was thrilled to see the updates.

Anyway, love how Slitheris is progressing. A corporate LAN, if it wasn't put together thoughtfully, can be a chaotic mess. Giant layer 2 broadcast domains with servers, PCs, printers is bad enough. Now add in an Android, Amazon Alexa device and other products of dubious quality. Scary times!

I like Slitheris because it helps me rapidly identify threats. I especially like the TCP OS fingerprinting...it's crazy to think that websites and JavaScript can fingerprint my OS by looking at TCP packets, but until Slitheris, I'm not aware of any product tool that allowed IT guys to do the same thing....most products were just guessing I think.

I do have a question on the new column in Slitheris: "Difficulty". What's that mean? If I have an iPhone on my LAN and it shows as Extreme Difficulty, does this mean Slitheris has low confidence in device type, or is this some kind of metric for whether the device has ports open etc?

Feature requests: I don't know what programming framework you're developing Slitheris in for Windows, but if it's .NET 4 or above, may I humbly request you take a look at building PowerShell cmdlets?

Thanks again and love the product!

Jeff Wilson

Title: Re: Great products Komodo labs!
Post by: Komodo Support on April 05, 2016, 11:51:59 AM

Hi Jeff, apologies for the delay.  We usually try to reply within a day.  I guess we got too busy releasing those updates!

Thank you for the compliments and the purchases.  These help fund research to develop products like Slitheris.  And since upgrades are free, you're getting a great return on your investment.

We're glad to hear Slitheris is helping identify threats.  It was mainly developed to help find & identify devices, and in v2.0 we plan to greatly improve Device Type identification so that Amazon Echo shows up as an Amazon Echo.  This will be by far the most ambitious & time-consuming feature of the next major upgrade.  We would like to investigate its potential in the security & forensics market too.  I imagine detection of unpingable (stealth) devices could be of use in that field.  We may even look into licensing our scan engine to others for inclusion in their own products as it matures.

Yes, OS fingerprinting is very complex and is sometimes more art than a science.  We feel like we only just started, but we spent an entire year so far on OS fingerprinting research alone.  Some of our OS's are guesses too, but it usually indicates guessing vs. an exact fingerprint match.  We're working on even better and more granular OS detection of popular Linux distros this year to give you Ubuntu, Fedora, CentOS, Solaris, Embedded, etc. instead of simply Linux.

The new Difficulty column does beg for some explanation in lieu of a manual, which is also coming in v2.  This new column indicates generally how hard it was for Slitheris to detect the device's presence (is it pingable or not) and get information from it like OS or Device Type.  For example, if a PC shows as being unpingable or has "Windows?" for its OS, these further increase the difficulty level.  It can be due to port count, but because some ports can be redundant, it's more tied to how much info a device reveals about itself.  It also doesn't necessarily mean the data's inaccurate, although Extreme often means the device provided very little information through direct examination.  The Device Type column should have its own confidence level.  If it has no percentage, Slitheris believes the data is accurate.  However, since it is a 1.0 and still going through heavy development, it's not going to be perfect.  In the Extreme cases I would say it's possible for the info on that device to be accurate, but it should be scrutinized.  You can also think of it as how "open" a device is.  For example, a device marked Extreme may not even be found by other software.

As for PowerShell cmdlets, we'd like to get into this and other management features like IP Address Management (IPAM), but our focus right now is improving scan results, the GUI and other more basic features.  We're currently working on a detail pane so you can see everything for the selected device in one place, as well as very large IP range support with a brand new real-time ping sweep system.

Please let us know if you have any other questions, concerns or have more great things to say!

Title: Re: Great products Komodo labs!
Post by: JeffWilson76 on April 06, 2016, 12:52:55 PM

Like I said, Slitheris is good stuff. I'm unaware of other products like it that don't cost bundles and bundles more. Most LAN scanners/sweepers are just dumb tools that look up the MAC address against an OID vendor list, as if it was 1997 and we were all working on an old Catalyst switch. Terrible.

Thanks for the color on Difficulty. Totally makes sense.

You were right to pull the free version as this is a great product. I'm glad I got in when I did.

Do you take beta testers? I'm willing to help test and supply results on lab/other environments if it helps improve the product and if confidence is assured.

Title: Re: Great products Komodo labs!
Post by: Komodo Support on April 07, 2016, 11:15:14 AM

Thank you.  We're so glad to hear from users like yourself, who see what we're trying to do is quite different than anything else out there.

We know what you mean about the same old scans, with the same old info.  It's one of the reasons we developed Slitheris.  And while version 1's results aren't perfect, it at least gives you a clearer overview, especially compared to free offerings.  This is especially true with Managed Service Providers (MSPs) who scan disparate networks on a regular basis.

Pulling the freeware version was a difficult decision.  Part of the failure was due to how it was implemented, but there were other factors as well.  I don't know if you've noticed, but we recently changed the name from Slitheris Network Scanner to Slitheris Network Discovery, as most IP and network scanners are free.

Yes, we will be looking for beta testers for v2.  Due to the diverse types of devices and networks in general, we'll be able to use the help of just about anyone in the beginning.  But not everyone is enthusiastic, which goes a long way.