Introduction and Prerequisites of Nmap Based Discovery in Summit

Introduction to Summit Discovery

Option 1: Standard discovery

Summit uses various protocols and credentials to discover infrastructure.

Discovered Resource Properties by Summit Discovery:

Discovery Detail

Description

Hardware Discovery

Hardware variance is the difference between the hardware properties in the latest asset discovery data and the hardware properties recorded in the asset management data. Using the hardware variance, asset managers can verify the latest asset discovery data against the asset management data and either update the asset management data or identify unauthorized hardware upgrades or additions.

Host Name

Host name is the label assigned to a machine that runs on a network. It is used to distinguish one device from another on a specific network or over the internet.

Enter the name of the discovered computing device. This field can hold any one of the following values: the first part of the full DNS name, the NetBIOS name, or the SNMP name of the computing device. If the discovered device is a virtual host, its IP address can also be used as the name.

Serial Number

A serial number is a unique identifier assigned to a specific asset: a string that uniquely and consistently identifies a specific machine or device.

CPU

Name and number of available CPU units of the device.

Model Number

A model number is a code used to identify a group of assets made in one production run, such as a particular type of laptop. The model number is useful when requesting repair services for a product, since replacement parts often correspond to a model number.

Hard Disk Size

The amount of storage on a hard disk, measured in gigabytes or terabytes.

Hard Disk Quantity

Number of hard disks available.

RAM Size

Random Access Memory (RAM) is the primary memory used to store working data. This field shows the total RAM available to the system.

RAM Quantity

Number of RAM chips available.

MAC Address

The Media Access Control (MAC) address is a unique identifier assigned to each network interface card (NIC) of the device for use as a network address in communications within a network segment. If a device has multiple NICs, this field displays a comma-separated list of MAC addresses. The MAC address ensures that the physical address of the computer is unique.

IP Address

An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. The IP address is the logical address of the machine and is used to uniquely locate a machine connected via a network.

Scan Source

IP address of the source machine that scans the devices.

Agent Version

Indicates the version of the Inventory Agent installed on the discovered computer. A computer with an installed Inventory Agent is sometimes called a managed device. 

Last Logged On NT ID

Records the last logon time of the Active Directory user.

Last Boot Up Time

Used to calculate uptime, which is a measure of operating system reliability or stability.

It also represents how long a computer has run unattended without needing a reboot for administrative or maintenance purposes, or crashing.

System Domain

The name of the domain to which the discovered device belongs. A domain is a collection of computers and user accounts that are grouped to achieve centralized management by the domain controller.

OS Caption

Version name of the operating system.

Registered User

The name of the user to whom the OS is registered.

OS Service Pack

Number of the patch and upgrade suite (service pack) that complements an established operating system (OS) and its software programs.

HDD Serial No.

Hard disk serial numbers are a unique combination of manufacturer, model, and serial number codes.

OS Version

Edition and version of the operating system the device is currently running.

OS Serial Number

OS serial number, also called a product key, assigned to a specific user with the right to use the system.

No. of Core

Number of cores in the CPU

OS Manufacturer

Name of the OS manufacturer.

No. of Processor

Number of processors, i.e., the total number of processors that are discovered.

OS Bit

32-bit or 64-bit operating system.

Manufacturer

Name of the manufacturer of the discovered device

OS Installed Date

Date of installation of the current OS

Manufacturing Date

Date of manufacture of the discovered device

TPM Status

TPM status tracks whether the Trusted Platform Module has been initialized and owned (associated with a single owner) by the operating system. The TPM is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. This key pair is generated by the TPM based on the Endorsement Key and an owner-specified password.

Socket Designation

Indicates the socket/CPU relationship.

Guest Information

The guest OS is either part of a partitioned system or part of a virtual machine (VM) setup. A guest OS provides an alternative OS for a device.

Option 2: Discovery based on Nmap


  • Nmap ("Network Mapper") is a utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
  • Nmap is integrated with Summit but disabled by default. It must be enabled manually to use Nmap discovery.
  • If Nmap is not enabled, Summit uses the standard discovery functionality.
  • Nmap collects basic information such as IP address, hostname, open ports, OS, and device type. After discovery, Nmap reports the device type and OS together with a probability percentage. For example, it may report that a device's OS is Windows 2008 R2 with a probability of 80%.
  • Using the Nmap traceroute information, Summit derives relationships between CIs (Configuration Items).
  • Using the Nmap discovery information, Summit runs discovery again to collect more details such as hardware, software, patches, and so on.
  • Nmap discovery results are stored in Summit DB tables.
  • The Nmap utility must be downloaded by the customer, who must follow the instructions provided in this document to use Nmap in Summit.
  • Customer security clearance is required to use Nmap, as it performs port scanning.

Discovered Resource Properties by Nmap Discovery:

NMAP Discovery Detail

Description

Devicetype

Broad classification such as router, printer, or game console. General-purpose operating systems such as Linux and Windows which can be used for just about anything are classified as general purpose.

Vendor

The vendor is the company which makes an OS or device. Examples are Apple, Cisco, Microsoft, and Linksys. For community projects such as OpenBSD and Linux without a controlling vendor, the OS family name is repeated in the vendor column.

OSFamily

OS family includes products such as Windows, Linux, IOS (for Cisco routers), Solaris, and OpenBSD. There are also hundreds of devices such as switches, broadband routers, and printers which use undisclosed operating systems. When the underlying OS isn't clear, embedded is used.

OSCaption

OS generation (reported here as OSCaption) is a more granular description of the OS. Generations of Linux include 2.4.X and 2.6.X, while Windows generations include 95, 98, Me, 2000, XP, and Vista. FreeBSD uses generations such as 4.X and 5.X. For obscure operating systems which have not been subdivided into generations (or whenever the OS is listed simply as embedded), this field is left blank.

MacAddress

The Media Access Control (MAC) address is a unique identifier assigned to each network interface card (NIC) of the device. If a device has multiple NICs, this field displays a comma-separated list of MAC addresses.

DeviceStatus

Device availability – Up/Down.

Uptime or availability is a measure of system reliability, expressed as the percentage of time a machine, typically a computer, has been working and available.
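The bullets above say that Nmap returns the device type and OS with a probability percentage, and that Summit derives CI relationships from the traceroute hops. The following is an added example, not Summit's own code and not part of the original page, showing how Nmap's XML output maps onto the property set listed here (Devicetype, Vendor, OSFamily, OSCaption, MacAddress, DeviceStatus) and how consecutive traceroute hops become "connected to" relationships. The sample XML is constructed for illustration; the record field names and the relationship format are assumptions. The command line in `discovery_argv` uses the options listed in the command table later on this page.

```python
"""Map Nmap XML output onto the Nmap discovery properties described on this page and
derive CI relationships from traceroute hops. Illustrative code, not Summit's own."""
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's XML output for one host (not from a real scan).
# The lower-accuracy OS match is listed first on purpose, to show best-match selection.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.25" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="app01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="22"><state state="closed" reason="reset"/></port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows 7" accuracy="75">
        <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="7" accuracy="75"/>
      </osmatch>
      <osmatch name="Microsoft Windows Server 2008 R2" accuracy="80">
        <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2008" accuracy="80"/>
      </osmatch>
    </os>
    <trace port="135" proto="tcp">
      <hop ttl="1" ipaddr="10.0.0.1" rtt="0.50" host="gw.example.test"/>
      <hop ttl="2" ipaddr="10.0.0.25" rtt="1.20" host="app01.example.test"/>
    </trace>
  </host>
</nmaprun>
"""


def discovery_argv(target, xml_path="-"):
    """Nmap command line built from options in this page's command table:
    OS detection, aggressive OS guess, traceroute, ICMP echo discovery, --reason,
    and XML output (to stdout by default)."""
    return ["nmap", "-O", "--osscan-guess", "--traceroute", "-PE", "--reason",
            "-oX", xml_path, target]


def parse_host(host):
    """Turn one <host> element into a discovery record (field names are assumptions)."""
    rec = {"IPAddress": None, "HostName": None, "MacAddress": None, "DeviceStatus": "Down",
           "OpenPorts": [], "Devicetype": None, "Vendor": None, "OSFamily": None,
           "OSCaption": None, "OSMatch": None, "OSAccuracy": 0, "Hops": []}
    status = host.find("status")
    if status is not None and status.get("state") == "up":
        rec["DeviceStatus"] = "Up"
    macs = []
    for addr in host.findall("address"):
        if addr.get("addrtype") in ("ipv4", "ipv6"):
            rec["IPAddress"] = addr.get("addr")
        elif addr.get("addrtype") == "mac":
            macs.append(addr.get("addr"))
    rec["MacAddress"] = ", ".join(macs) or None  # comma-separated list for multiple NICs
    hostname = host.find("hostnames/hostname")
    if hostname is not None:
        rec["HostName"] = hostname.get("name")
    for port in host.findall("ports/port"):
        state = port.find("state")
        if state is not None and state.get("state") == "open":
            rec["OpenPorts"].append(f"{port.get('portid')}/{port.get('protocol')}")
    # Nmap may list several candidate OS matches; keep the one with the highest accuracy.
    best = None
    for match in host.findall("os/osmatch"):
        accuracy = int(match.get("accuracy", "0"))
        if best is None or accuracy > best[0]:
            best = (accuracy, match)
    if best is not None:
        rec["OSAccuracy"], match = best
        rec["OSMatch"] = match.get("name")
        osclass = match.find("osclass")
        if osclass is not None:
            rec["Devicetype"] = osclass.get("type")
            rec["Vendor"] = osclass.get("vendor")
            rec["OSFamily"] = osclass.get("osfamily")
            rec["OSCaption"] = osclass.get("osgen")
    rec["Hops"] = [hop.get("ipaddr") for hop in host.findall("trace/hop")]
    return rec


def parse_nmap_xml(text):
    """Parse a full Nmap XML document into a list of discovery records."""
    return [parse_host(h) for h in ET.fromstring(text).findall("host")]


def derive_relationships(records):
    """Each pair of consecutive traceroute hops becomes a (from_ip, to_ip) relationship."""
    edges = []
    for rec in records:
        for a, b in zip(rec["Hops"], rec["Hops"][1:]):
            if (a, b) not in edges:
                edges.append((a, b))
    return edges


def run_discovery(target):
    """Run Nmap (must be installed and authorised) and parse its XML output."""
    out = subprocess.run(discovery_argv(target), capture_output=True, text=True, check=True).stdout
    return parse_nmap_xml(out)


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_XML)
    print(hosts[0])
    print(derive_relationships(hosts))
```

Only the highest-accuracy `osmatch` is kept, which is where the "80%" probability in the bullets above comes from; a practitioner treating that value as authoritative should note that Nmap's OS guess is a fingerprint match, so the second discovery pass (WMI/SNMP/SSH) remains the source of truth for OS version and hardware.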

Primary Pre-requisites

Option 1: Standard discovery

WMI

  • Dedicated domain account (details are available in the last section of this document)
  • All target servers and the Summit Proxy must be in the same domain
  • The following Windows services must be running on all target servers:
    • Windows Management Instrumentation
    • Remote Procedure Call (RPC)
    • Remote Registry
  • Port requirements:
    • ICMP, TCP ports 135 and 445, and WMI ports from the Summit Proxy servers to the target server. Note: the detailed requirement is available in the last section of this document.

SNMP

  • SNMP v1 / v2: a separate read-only community string must be enabled
  • SNMP v3:
    • noAuthNoPriv
      • Username and password
    • authNoPriv
      • Username and password
      • Authentication protocol MD5 or SHA (Secure Hash Algorithm)
    • authPriv
      • Username and password
      • Authentication protocol MD5 or SHA (Secure Hash Algorithm)
      • Encryption protocol AES (Advanced Encryption Standard) or DES (Data Encryption Standard)
      • Encryption key or password
  • SNMP service must be running on all target devices
  • Summit Proxy IP must be allowed in the SNMP service on the target device
  • Port requirements:
    • Summit Proxy IP must be allowed at all devices for access
    • ICMP and SNMP polling (usually 161) ports from the Summit Proxy servers to the target devices

      Source IP       Destination IP   Port Number                       Direction
      Summit Proxy    Device IP        ICMP, SNMP (default port: 161)    Unidirectional

SSH

  • Dedicated account with sudo access, or the root account
  • Port requirements:
    • ICMP and SSH (usually 22) ports from the Summit Proxy servers to the target devices
  • To know how to enable sudo access.
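The WMI, SNMP and SSH sections above each list the ports that must be open from the Summit Proxy to the target. The following is an added example, not part of the original page and not Summit's own code, of a pre-flight check a proxy operator could run before enabling discovery: it probes the listed ports (TCP 135 and 445 for WMI, UDP 161 for SNMP, TCP 22 for SSH) and separates "definitely blocked" from "inconclusive" results. ICMP and the WMI dynamic RPC port range need separate checks and are left out; the probe functions are injectable so the logic can be exercised without network access.

```python
"""Pre-flight check of the port prerequisites listed on this page for standard discovery.
Added example, not Summit's code; method names and result format are assumptions."""
import socket

# Port prerequisites from this page, from the Summit Proxy to the target.
# ICMP and the WMI dynamic RPC ports are not covered by these probes.
REQUIRED_PORTS = {
    "WMI": [("tcp", 135), ("tcp", 445)],
    "SNMP": [("udp", 161)],
    "SSH": [("tcp", 22)],
}


def tcp_probe(host, port, timeout=2.0):
    """True when a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_probe(host, port, timeout=2.0):
    """UDP has no handshake: an ICMP port-unreachable (surfacing as ConnectionRefusedError
    on a connected UDP socket) means closed, any datagram back means open, and silence is
    reported as None (filtered or simply no reply to an empty datagram)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(b"")
            s.recv(1)
            return True
        except ConnectionRefusedError:
            return False
        except OSError:  # includes socket.timeout
            return None


def check_prerequisites(target, method, probes=None):
    """Return {"tcp/135": True, ...} for every port the chosen method requires.
    `probes` maps protocol -> probe function; defaults to the live probes above."""
    probes = probes or {"tcp": tcp_probe, "udp": udp_probe}
    return {f"{proto}/{port}": probes[proto](target, port)
            for proto, port in REQUIRED_PORTS[method]}


def blocked_ports(results):
    """Ports that are definitely unreachable (probe returned False)."""
    return [p for p, ok in results.items() if ok is False]


def inconclusive_ports(results):
    """Ports where the probe could not decide (UDP silence)."""
    return [p for p, ok in results.items() if ok is None]


if __name__ == "__main__":
    # Live run against a placeholder target address; replace with a real target.
    for method in REQUIRED_PORTS:
        res = check_prerequisites("192.0.2.10", method)
        print(method, res, "blocked:", blocked_ports(res), "inconclusive:", inconclusive_ports(res))
```

A blocked port means the corresponding discovery method will fail for that target, so it should be fixed on the firewall path before enabling discovery; an inconclusive UDP result for SNMP is expected when the target only answers authenticated SNMP requests, and is best confirmed with a real SNMP poll using the configured community string or v3 credentials.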

Option 2: Discovery based on Nmap

  • Nmap binary files
  • Broadcast pings
  • Commands (see the table below)

Command

Description

-O

Enable OS detection

--osscan-limit: Limit OS detection to promising targets

--osscan-guess: Guess OS more aggressively

-A

Enable OS detection, version detection, script scanning, and traceroute

--traceroute

Trace hop path to each host

-PS/PA/PU/PY

TCP SYN/ACK, UDP or SCTP discovery to given ports

-PE/PP/PM

ICMP echo, timestamp, and netmask request discovery probes

--reason

Display the reason a port is in a particular state

--iflist

Print host interfaces and routes

--system-dns

Use OS's DNS resolver

-sS/sT/sA/sW/sM

TCP SYN/Connect()/ACK/Window/Maimon scans

--spoof-mac

Spoof your MAC address

-v

Increase verbosity level

-T<0-5>

Set timing template (higher is faster)

Security and legal issues with Nmap

For security and legal issues, refer to the link below.

https://nmap.org/book/legal-issues.html