Recent Posts
41
Slitheris Network Discovery - Feature Requests / Re: Option to scan for SSH and telnet
« Last post by Davidh on November 29, 2018, 02:51:25 AM »At the moment I was thinking that just noting if there was ssh or telnet access would be good, as it would allow me to distinguish between a Cisco VoIP and a switch for the most part, but then I found out that SG (Cisco small business) switches have only http enabled and ssh and telnet is disabled 
42
Slitheris Network Discovery - Feature Requests / Re: Option to scan for SSH and telnet
« Last post by Komodo Support on November 26, 2018, 11:07:36 PM »Thanks David! We actually scan telnet and SSH now, but only internally to determine device type. However, as you've found, that's a bit lacking right now in v1.1 because it's mainly hardcoded. We plan to tackle real device identification in the next major version.
We may be able to provide something useful before then. Are you simply wanting to know if Slitheris found that Telnet or SSH exists on the device or something more detailed?
We may be able to provide something useful before then. Are you simply wanting to know if Slitheris found that Telnet or SSH exists on the device or something more detailed?
43
Slitheris Network Discovery - Feature Requests / Option to scan for SSH and telnet
« Last post by Davidh on November 22, 2018, 12:59:58 AM »Lately I had to do a lot of quick scans for network equipment remotely (to make sure there were no switches creating loops and so on)
In one location I realized that with a lot of Cisco phones it was tough to tell apart a phone and a switch.
If we had the option to turn on for scan on ssh and telnet access (it already scans for http and https) it would help identified the devices.
It shouldn't be an option always on because it might increase scan time, but it could be something to add as an option to the scan
In one location I realized that with a lot of Cisco phones it was tough to tell apart a phone and a switch.
If we had the option to turn on for scan on ssh and telnet access (it already scans for http and https) it would help identified the devices.
It shouldn't be an option always on because it might increase scan time, but it could be something to add as an option to the scan
44
Slitheris Network Discovery - Feature Requests / Re: Ability to detect if an address is DHCP or Static
« Last post by Komodo Support on August 21, 2018, 03:46:23 PM »Apologies for the delay!
We found this idea very interesting and we'll definitely keep it in mind when we get to that point. There are so many other issues we need to tackle, it may be some time before we're ready to delve into this much further. It is a really good idea though. Thank you!
We found this idea very interesting and we'll definitely keep it in mind when we get to that point. There are so many other issues we need to tackle, it may be some time before we're ready to delve into this much further. It is a really good idea though. Thank you!
45
Slitheris Network Discovery - Feature Requests / Re: Ability to detect if an address is DHCP or Static
« Last post by aeccles on August 15, 2018, 05:24:02 PM »Export DHCP leases through a powershell command: https://docs.microsoft.com/en-us/powershell/module/dhcpserver/export-dhcpserver?view=win10-ps
Here's how I see it working:
Complete a subnet scan in Slitheris (or maybe this is better for NEWT given current capabilities)
Slitheris/NEWT send a remote powershell command to the DHCP server to export the DHCP leases from the same scope.
Slitheries/NEWT imports those leases into the Slitheris/NEWT database
Slitheries/NEWT compares the MAC/IP address info discovered by Slitheris/NEWT to the MAC/IP info from the DHCP Server
The items that match up could be confirmed as being a DHCP address.
Those that don't match would have a very high probability of being static.
Slitheries/NEWT shows these results in the GUI... a column title DHCP Address and show "YES" for matches?
Here's how I see it working:
Complete a subnet scan in Slitheris (or maybe this is better for NEWT given current capabilities)
Slitheris/NEWT send a remote powershell command to the DHCP server to export the DHCP leases from the same scope.
Slitheries/NEWT imports those leases into the Slitheris/NEWT database
Slitheries/NEWT compares the MAC/IP address info discovered by Slitheris/NEWT to the MAC/IP info from the DHCP Server
The items that match up could be confirmed as being a DHCP address.
Those that don't match would have a very high probability of being static.
Slitheries/NEWT shows these results in the GUI... a column title DHCP Address and show "YES" for matches?
46
Slitheris Network Discovery - Feature Requests / Re: Ability to detect if an address is DHCP or Static
« Last post by Komodo Support on August 15, 2018, 04:37:00 PM »And NEWT Pro would also give you some more information about the NIC as well, such as MTU, etc.
Are you saying to some how allow a user to enter active leases themselves? I don't think there's a practical way to pull this info automatically. Maybe we're not quite understanding. Could you elaborate a little more on how you'd see this being done? That would help a lot.
Are you saying to some how allow a user to enter active leases themselves? I don't think there's a practical way to pull this info automatically. Maybe we're not quite understanding. Could you elaborate a little more on how you'd see this being done? That would help a lot.
47
Slitheris Network Discovery - Feature Requests / Re: Ability to detect if an address is DHCP or Static
« Last post by aeccles on August 15, 2018, 01:57:20 PM »Great to know that this can be found on PCs & Servers via NEWT Pro. For the situation I am currently facing, it's a couple hundred non-pc/servers that I'd like to know about.
My last suggestion is about comparing a Siltheris Discovery to an output of active DHCP leases that could be obtained from a DHCP server. If you put the results of each into a database/excel, you could compare IPs and MAC addresses and determine which systems got their IPs via DHCP.
My last suggestion is about comparing a Siltheris Discovery to an output of active DHCP leases that could be obtained from a DHCP server. If you put the results of each into a database/excel, you could compare IPs and MAC addresses and determine which systems got their IPs via DHCP.
48
Slitheris Network Discovery - Feature Requests / Re: Ability to detect if an address is DHCP or Static
« Last post by Komodo Support on August 13, 2018, 04:32:15 PM »Hi there! Our deep scanning software, NEWT Pro, will show whether a PC or server is set to DHCP or Static. Having credentials is the one reliable method, but then you have non-PC devices that would be much more difficult to get the info directly, to the point of it not being worth it.
One could guess which devices are DHCP/static by repeatedly and continuously scanning and determining which devices move to other IPs or stay the same. This is something we'd like to add in v2.0 since automated/scheduled scanning is planned. Is that what you meant in your last suggestion?
One could guess which devices are DHCP/static by repeatedly and continuously scanning and determining which devices move to other IPs or stay the same. This is something we'd like to add in v2.0 since automated/scheduled scanning is planned. Is that what you meant in your last suggestion?
49
Slitheris Network Discovery - Feature Requests / Ability to detect if an address is DHCP or Static
« Last post by aeccles on August 13, 2018, 02:51:03 PM »It would be great if there was a way to identify if a device's IP address was static or DHCP.
Possible process:
Discover a subnet
get a powershell dump of DHCP leases
Compare to identify which active addresses are static vs. dhcp
Possible process:
Discover a subnet
get a powershell dump of DHCP leases
Compare to identify which active addresses are static vs. dhcp
50
Slitheris Network Discovery - Feature Requests / Re: Select which fields you want
« Last post by Komodo Support on August 10, 2018, 05:24:17 AM »Thank you very much! We love hearing it. Please forgive our delay.
We know exactly what you mean. One problem with this is that we're able to get multiple pieces of information from a single protocol. For example, say we can get the OS, MAC Address and Estimated Age of the device at the same time (same port/protocol) and were unable to ask the remote PC port for only one of them. Then say you didn't want the MAC Address in this scan, but what if it doesn't take any longer to retrieve the MAC Address when you already want the OS? And I know you mentioned Brand as an example, but if you have a MAC Address, you have a brand or vendor. You can see how a lot of what we gather is inextricably linked. We're just not sure how to go about this yet.
There are other complications as well I can't mention here that may prevent us from disabling most info, but that being said, I do know we'll be working to greatly improve the device scan speed and efficiency through a complete re-write.
While re-writing the scan engine, we also plan on adding automated/scheduled scanning. I'm not sure what we'll do about automated exporting at that time, but we do plan to have everything written to a database. You'd be able to pull data from that DB as needed with 3rd party tools.
We're currently working on adding much-needed large IP range support as well as a few interface improvements.
Please let us know if you have any other ideas!
We know exactly what you mean. One problem with this is that we're able to get multiple pieces of information from a single protocol. For example, say we can get the OS, MAC Address and Estimated Age of the device at the same time (same port/protocol) and were unable to ask the remote PC port for only one of them. Then say you didn't want the MAC Address in this scan, but what if it doesn't take any longer to retrieve the MAC Address when you already want the OS? And I know you mentioned Brand as an example, but if you have a MAC Address, you have a brand or vendor. You can see how a lot of what we gather is inextricably linked. We're just not sure how to go about this yet.
There are other complications as well I can't mention here that may prevent us from disabling most info, but that being said, I do know we'll be working to greatly improve the device scan speed and efficiency through a complete re-write.
While re-writing the scan engine, we also plan on adding automated/scheduled scanning. I'm not sure what we'll do about automated exporting at that time, but we do plan to have everything written to a database. You'd be able to pull data from that DB as needed with 3rd party tools.
We're currently working on adding much-needed large IP range support as well as a few interface improvements.
Please let us know if you have any other ideas!