Slitheris Network Scanner has permanently been changed to Slitheris Network Discovery to further differentiate it from free network scanners and engage a more appropriate audience.
Welcome to the user guide for Slitheris Network Discovery 1.0. Slitheris is designed to agentlessly detect information from computers and other network devices, including those with credential or configuration issues. It’s popular among Managed Service Providers (MSPs), but is also useful for anyone who wants quick network overviews, with or without a lot of technical knowledge. Because Slitheris is new and fairly straightforward, this first user guide provides simply a quick overview.
Slitheris, like other tools that use active scanning, may cause Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS) to alert. Please add an exclusion in any IDS/IPS for your local PC if needed. Please scan responsibly. Always get permission.
The top of the Slitheris interface is a dark blue dashboard displaying various information, including discovery engine, scanning status, device count, ping sweep and an IP map displaying the currently selected IP range.
IP range scans can be started 3 ways: scanning all at once, scanning selected ranges, or expanding any IP range. In an effort to offer a multi-threaded GUI, additional scans can be started while other scans are in progress.
Scan All IP Ranges – This button starts scanning all IP ranges. This will not affect scans in progress, so it can be performed at any time.
Scan Selected IP Range(s) – Scans only selected IP ranges. This can also be used during scans.
Add IP Range – Slitheris attempts to detect /24 IP ranges for the current network at program startup. This button allows adding of /24 IP ranges as needed. Note that public or Internet IP ranges are not scannable in the trial and limited to 5 public ranges when licensed. If more than 5 are required, please contact us. IP ranges can be added during scans, but are currently limited to /24 subnets.
- To discourage anti-virus software from classifying Slitheris as malicious and reduce nefarious use, Internet scans are prohibited in the trial. After purchase, licensed versions allow scanning up to 5 /24 subnets. In addition, all Slitheris EXE’s and DLL’s are digitally-signed using the latest Microsoft SHA256 authentication certificates to ensure integrity, along with country of origin.
Abort – Scans can be aborted if needed using this feature. Please be patient as all scans may take a number of seconds to abort.
Autowidth Columns – Automatically fits all columns to cell data or header, whichever is wider.
Default Columns – Resets column order to factory defaults.
Column Lock – Locks the first few columns to keep them visible while scrolling the grid horizontally. This allows you to see Device Name and other data while viewing columns farther to the right.
Grid Info-Tips – Enabled by default, this option displays tooltips when hovering the mouse over any column with blue header text.
Export Scan Results (CSV) – Scans can be saved as a CSV (Comma Separated Values) file from the File menu in the upper-left.
Import IP Ranges – Slitheris can load a .txt file with /24 ranges defined on each line by IP addresses, saving time from having to enter them one at a time. Networks are currently limited to /24 IP blocks. We plan to add support for larger IP ranges, but for now they’re limited to /24’s.
Your list of /24 IP ranges should look like the following. Slitheris will load them as /24’s. There is no set limit.
Check for Updates – Slitheris automatically checks for updates when at least 24 hours have passed since Slitheris was last started. This feature allows checking for updates at any time.
Release History – Displays the release history as a text file in Notepad.
Licensing – To license Slitheris after purchasing, use the ‘Enter License Key’ button in the upper-right.
Please note that the licensing button has moved to the far left compared to previous screenshots.
This is a temporary measure to fix a screen resolution issue.
We apologize for the inconvenience and we’ll have a permanent fix soon.
Device Name – This is the name Slitheris presents as the best name it could find for the remote device. This information is currently pulled from 10 different locations, including rDNS, NetBIOS, FQDN, DNS, SNMP, HTTP and others. Slitheris attempts to pick the best Device Name from a prioritized list of at least 10 different name sources.
Reverse DNS – This is the name associated with the IP according to your DNS server, also known as rDNS.
NetBIOS Name – This is usually an all upper-case name, limited to 15 characters. It’s usually derived from UDP port 137, but other ports may expose this information. Windows machines and Linux Samba-based devices like NAS’s usually expose this type of data.
FQDN – The Fully Qualified Domain Name is a unique and unambiguous name given. FQDN’s usually contain the domain and computer name. This is currently only available from Windows machines and only is when the remote machine has been joined to a domain.
IP & Ping
IP Address – The standard IPv4 address in human-readable or dotted notation, as in 10.10.1.5.
Detected IPs – This is currently pulled only via DNS. Windows machines may have more than one IP due to multiple network adapters or being multi-homed.
Ping Attempts – The number of pings sent to the remote device.
Ping TTL – Time-To-Live is a hop limit mechanism in the Internet protocol specification. This is used in Slitheris to help detect basic operating systems (128 is usually Windows for example) and help estimate the number of network hops. See below.
Est. Hops – This provides an indication the number of routers between you and the remote network device. It’s derived from the difference between commonly-known TTL values (32, 64, 128, 255) and the TTL returned by Ping. For example, if Slitheris encounters a Ping TTL of 56, the Estimated Hops would be 8, meaning that there should be 7 routers between your machine and the remote device. When there are no routers involved, the value is 1 since the hop is from you to the device. This conforms to the tracert utility.
Device Type Hint – This provides an educated guess of the Device Type. It should be considered highly experimental in version 1, although new methods are in development to accurately detect many more Device Types in future versions. Detection of device types, such as computers, servers, routers, switches, smart phones, etc. is the single most difficult attribute for network discovery tools to determine.
Operating System details are gathered from network devices using standard methods as well as our own OS fingerprinting technology, capable of detecting Windows, Linux, iOS, Android and others. Remote Windows fingerprinting is supported on all NT-based OS’s from NT 4.0 to Windows 2016 Server. Because Windows UDP, TCP IP stack & ICMP suites respond in a predictable way, this value should be 99% accurate on Windows machines, when available. More detected operating systems are planned in version 2 and other operating systems will become more accurate as development continues.
- In most cases no rights are required to detect operating system information, except OS Bit architecture. This feature is exclusive to Slitheris.
|Operating System (combined) – This column displays all OS information in a single cell except OS Build, including full OS, Edition, Bits and Service Pack.|
|OS – This is the basic OS, with values such as Windows 2008, Windows, Linux, iOS, Android, etc.|
|OS Bits – The OS architecture, when available, is usually 32-bit or 64-bit. This is currently only available on Windows. This is the only OS data requiring administrator rights.|
|OS Edition – Displays the actual Windows Edition, as in Home, Professional, Ultimate, Enterprise, Preview. Currently only available on Windows.|
|OS Service Pack – Windows service pack, as reported by Windows.|
|OS Build – Shows the Windows build, as in 7601 or 10586. This is very useful for verifying major Windows 10 releases. Currently only available on Windows.|
Brand – Currently this is mainly derived from a normalized & sanitized MAC Address vendor database, but WMI may also be used on Windows machines to override or verify the Brand. Since vendors are normalized, entries such as ‘Dell Computer’, ‘Dell Inc’ and other variants are simply changed to Dell. This lends itself to more reliable sorting and future analysis.
Group Name – Displays the name of the domain or Workgroup assigned to a Windows machine. Domains and Workgroups are distinguishable by a green “D” icon.
MAC Address – The remote device’s MAC Address is gathered from multiple sources, including NetBIOS, SNMP, ARP and others.
Date and Time Details
Time Of Day – The local date and time as reported by the device. No special access rights required on Windows machines.
Clock Difference – Shows the PC or server’s clock deviation compared to the local PC’s time. This allows you to check servers for possible security issues related to inaccurate time and date settings.
Clock GMT Offset – Shows the PC or server’s clock Greenwich Mean Time zone.
Boot Date – This is the date and time the remote device was warm or cold booted and is closely related to Uptime. If Slitheris has the Boot Date, but no Uptime it may calculate the Uptime from the Boot Date. This value does not change in Windows PCs when put to sleep. This value is most useful on Windows machines but will also show for SNMP-based devices. With Slitheris, on Windows PCs both the Boot Date and Update do not suffer from rollover-to-zero issues when after approximately 49.7 days, Uptime resets to 0. There is no limit on Boot Date. This value never changes Windows machines unless Windows is completely rebooted. This value is 100% accurate on Windows machines and no special access rights are required when scanning them.
Uptime – Shows in days, hours, minutes and seconds how long the device has been running. There is no limit on Uptime on Windows since this value is calculated from the Boot Date. In Slitheris and all similar apps, Boot Time and Uptime doesn’t take into account when PCs and laptops are put to sleep or hibernated. Always 100% accurate on Windows machines.
Scan Start Time – Indicates when the scan was started for this device.
Scan Completed [Time] – Indicates when the scan was finished for this device.
Discovered By – Indicates how this device was found, either by Ping, ARP Ping or Protocol.
Description (Local) – Usually gathered from Windows machines and Samba devices, this is the same description as seen under “Advanced system settings” in Windows system Properties. Share-level access required.
Best Accessible By – This should be the NetBIOS name this device should be addressible by. This device should be accessible from Windows Explorer using this same name, as in “\\PCName”.
Total Share (GB) – Total gigabytes shared by the remote device, if access was available at the time of scan. Duplicate remote shares are cancelled out. Share-level rights required.
Username – Currently only available on Windows machines with administrator access, this should be the currently logged on user. Administrator rights required.
SQL Server Info – Displays exposed SQL Server information using UDP port 1434. When populated, this indicates an SQL Server is exposed on the remote system. No access rights required.
Please contact us if you have any questions. Thank you.