Introduction and Prerequisites of Nmap Based Discovery in Summit
Introduction to Summit Discovery
Option 1: Standard discovery
Summit uses various protocols and credentials to discover infrastructure.
Discovered Resource Properties by Summit Discovery:
Discovery Detail | Description |
---|---|
Hardware Discovery | Hardware Variance is the difference observed between the hardware properties in the latest Asset Discovery Data and the hardware properties specified in the Asset Management Data. Using the Hardware Variance, Asset Managers can verify the latest Asset Discovery Data against the Asset Management Data and either update the Asset Management Data or identify unauthorized hardware upgrades or additions. |
Host Name | Host Name is the label tag assigned to any machine which runs on a network. Host Name is used to distinguish one device from another on a specific network or over the internet |
Serial Number | Serial number is a unique identifier assigned to a specific asset. |
CPU | Name and the Available CPU Unit of the Device. |
Model Number | A model number is a code used to identify a group of assets made in a production, such as a particular type of laptops. The model number is useful when garnering services for a product's repair since replacement parts often correspond with a model number. |
Hard Disk Size | The amount of storage on a hard disk, measured in gigabytes and terabytes |
Hard Disk Quantity | Number of Hard disks available |
RAM Size | Random Access Memory (RAM) is a primary memory which is used to store working data. Total RAM space available to the system. |
RAM Quantity | Number of RAM chips available |
MAC Address | The Media Access Control (MAC) address is a unique identifier assigned to each network interface card (NIC) of the device for use as a network address in communications within a network segment. If a device has multiple NICs, this field displays a comma-separated list of MAC addresses. The MAC address ensures that the physical address of the computer is unique. |
IP Address | An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. |
Scan Source | IP Address of the Source Machine to Scan the Devices. |
Agent Version | Indicates the version of the Inventory Agent installed on the discovered computer. A computer with an installed Inventory Agent is sometimes called a managed device. |
Last Logged On NT ID | Records the last logon time of Active Directory users. |
Last Boot Up Time | Used to calculate uptime, a measure of operating system reliability or stability. |
System Domain | The name of the domain to which the discovered device belongs. A domain is a collection of computers and user accounts that are grouped to achieve centralized management by the domain controller. |
OS Caption | Version name of the Operating System |
Registered User | The name of the user under whom that OS is registered |
OS Service Pack | Patch and upgrade suite number that complements an established operating system (OS) and its software programs |
HDD Serial No. | A hard disk's serial number is a unique combination of manufacturer, model and serial codes. |
OS Version | Edition and version of the operating system the device is currently running. |
OS Serial Number | OS serial number, otherwise called a product key, assigned to a specific user with a right to use the system |
No. of Core | Number of cores in the CPU |
OS Manufacturer | Name of the OS manufacturer |
No. of Processor | Number of processors in the device, i.e., the total number of processors discovered. |
OS Bit | 32 or 64 bit operating system |
Manufacturer | Name of the manufacturer of the discovered device |
OS Installed Date | Date of installation of the current OS |
Manufacturing Date | Date of manufacture of the discovered device |
TPM Status | TPM state tracks whether the Trusted Platform Module has been initialized and owned (associated with a single owner, the operating system). The TPM is a specialized chip on an endpoint device that stores RSA keys specific to the host system for hardware authentication. This key pair is generated by the TPM based on the Endorsement Key and an owner-specified password. |
Socket Designation | Indicates the socket/CPU relationship |
Guest Information | The guest OS is either part of a partitioned system or part of a virtual machine (VM) setup. A guest OS provides an alternative OS for a device. |
Option 2: Discovery based on Nmap
- Nmap ("Network Mapper") is utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
- Nmap is integrated with Summit (disabled by default). It needs to be enabled manually to use Nmap discovery.
- If Nmap is not enabled, Summit uses standard discovery functionality.
- Nmap collects basic information such as IP, hostname, open ports, OS and device type. After discovery, Nmap reports the Device Type and OS together with a probability percentage. For example, for a given device it may report that the OS is Windows 2008 R2 with a probability of 80%.
- From the Nmap traceroute information, Summit derives relationships between CIs (Configuration Items).
- Using the Nmap discovery information, Summit runs discovery again to collect more details such as hardware, software, patches, and so on.
- Nmap discovery results are stored in Summit DB tables.
- The Nmap utility must be downloaded by the customer, following the instructions provided in this document, in order to use Nmap in Summit.
- Customer security clearance is required to use Nmap, as it performs port scanning.
Discovered Resource Properties by Nmap Discovery:
NMAP Discovery Detail | Description |
---|---|
Devicetype | Broad classification such as router, printer, or game console. General-purpose operating systems such as Linux and Windows which can be used for just about anything are classified as general purpose. |
Vendor | The vendor is the company which makes an OS or device. Examples are Apple, Cisco, Microsoft, and Linksys. For community projects such as OpenBSD and Linux without a controlling vendor, the OS family name is repeated for the vendor column |
OSFamily | OS family includes products such as Windows, Linux, IOS (for Cisco routers), Solaris, and OpenBSD. There are also hundreds of devices such as switches, broadband routers, and printers which use undisclosed operating systems. When the underlying OS isn't clear, embedded is used. |
OSCaption | OS generation is a more granular description of the OS. Generations of Linux include 2.4.X and 2.6.X, while Windows generations include 95, 98, Me, 2000, XP, and Vista. FreeBSD uses generations such as 4.X and 5.X. For obscure operating systems which we haven't subdivided into generations (or whenever the OS is listed simply as embedded), this field is left blank. |
MacAddress | The Media Access Control (MAC) address is a unique identifier assigned to each network interface card (NIC) of the device. If a device has multiple NICs, this field displays a comma-separated list of MAC addresses. |
DeviceStatus | Device availability – Up/Down. |
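To show how the fields in the table above correspond to raw Nmap output, the following added example (not Summit's own code) parses a constructed Nmap XML report with Python's standard library and also extracts the OS-match accuracy and the traceroute hops from which CI relationships are derived; the `attr` and `parse_nmap_hosts` names and all sample values are assumptions.

```python
"""Map Nmap XML onto the page's NMAP Discovery Detail fields (added example)."""
import xml.etree.ElementTree as ET
# Constructed sample of `nmap -O --traceroute -oX` output; values are made up.
SAMPLE_XML = """<nmaprun>
 <host>
  <status state="up"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Dell"/>
  <hostnames><hostname name="srv01.example.test" type="PTR"/></hostnames>
  <os>
   <osmatch name="Microsoft Windows Server 2008 R2" accuracy="80">
    <osclass type="general purpose" vendor="Microsoft" osfamily="Windows"
             osgen="2008" accuracy="80"/>
   </osmatch>
  </os>
  <trace port="80" proto="tcp">
   <hop ttl="1" ipaddr="192.0.2.1" rtt="0.5"/>
   <hop ttl="2" ipaddr="192.0.2.10" rtt="1.2"/>
  </trace>
 </host>
</nmaprun>"""

def attr(el, name, default=None):
    # Attribute of an element that may be absent (e.g. no OS match at all)
    return el.get(name, default) if el is not None else default

def parse_nmap_hosts(xml_text):
    """Return one record per host, keyed like the Nmap discovery table."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = {a.get("addrtype"): a for a in host.iter("address")}
        ip = attr(addrs.get("ipv4", addrs.get("ipv6")), "addr")
        # Nmap lists OS matches best-first, so the first osclass is the top guess
        osclass = host.find("os/osmatch/osclass")
        # Hops before the target itself form the upstream path (routers,
        # firewalls) from which CI relationships can be derived
        hops = [attr(h, "ipaddr") for h in host.iter("hop")]
        hosts.append({
            "IPAddress": ip,
            "Hostname": attr(host.find("hostnames/hostname"), "name"),
            "MacAddress": attr(addrs.get("mac"), "addr"),
            "DeviceStatus": "Up" if attr(host.find("status"), "state") == "up" else "Down",
            "Devicetype": attr(osclass, "type"),
            "Vendor": attr(osclass, "vendor"),
            "OSFamily": attr(osclass, "osfamily"),
            "OSCaption": attr(osclass, "osgen", ""),  # blank when no generation
            "OSAccuracy": int(attr(osclass, "accuracy", 0)),
            "UpstreamHops": [h for h in hops if h != ip],
        })
    return hosts
```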
Primary Pre-requisites
Option 1: Standard discovery
WMI
- Dedicated domain account (details in the last section of this document)
- All target servers and the Summit Proxy must be in the same domain
- The following Windows services should be in running state on all target servers:
  - Windows Management Instrumentation
  - Remote Procedure Call (RPC)
  - Remote Registry
- Port Requirements: ICMP, TCP ports 135 and 445, and WMI ports from the Summit Proxy Servers to the target servers. Note: detailed requirements are available in the last section of this document.
SNMP
- SNMP v1 / v2: a separate read-only community string must be enabled
- SNMP v3:
  - noAuthNoPriv
    - Username and password
  - authNoPriv
    - Username and password
    - Authentication protocol MD5 or SHA (Secure Hash Algorithm)
  - authPriv
    - Username and password
    - Authentication protocol MD5 or SHA (Secure Hash Algorithm)
    - Encryption protocol AES (Advanced Encryption Standard) or DES (Data Encryption Standard)
    - Encryption key or password
- SNMP service should be in running state on all target devices
- Summit Proxy IP must be allowed in the SNMP service on all target devices
- Port Requirements: ICMP and SNMP polling (usually 161) ports from the Summit Proxy Servers to the target devices

Source IP | Destination IP | Port Number | Direction |
---|---|---|---|
Summit Proxy | Device IP | ICMP, SNMP (default port: 161) | Unidirectional |
SSH
- Dedicated account with sudo access, or the root account
- Port Requirements: ICMP and SSH (usually 22) ports from the Summit Proxy Servers to the target devices
- See the instructions on how to enable sudo access.
Option 2: Discovery based on Nmap
- Nmap binary files
- Broadcast pings
- Commands
Command | Description |
---|---|
-O | Enable OS detection; --osscan-limit: limit OS detection to promising targets; --osscan-guess: guess OS more aggressively |
-A | Enable OS detection, version detection, script scanning, and traceroute |
--traceroute | Trace hop path to each host |
-PS/PA/PU/PY | TCP SYN/ACK, UDP or SCTP discovery to given ports |
-PE/PP/PM | ICMP echo, timestamp, and netmask request discovery probes |
--reason | Display the reason a port is in a particular state |
--iflist | Print host interfaces and routes |
--system-dns | Use the OS's DNS resolver |
-sS/sT/sA/sW/sM | TCP SYN/Connect()/ACK/Window/Maimon scans |
--spoof-mac | Spoof your MAC address |
-v | Increase verbosity level |
-T<0-5> | Set timing template (higher is faster) |
Security and legal issues with Nmap
For security and legal issues, kindly refer to the link below.