Passive network discovery tool
Nikto can detect a variety of different vulnerabilities, but it is not a stealthy scanner. Scanning with Nikto can be effective, but, like most active reconnaissance tools, it is easily detected by an intrusion detection or prevention system.
Metasploit is primarily designed as an exploitation toolkit. It contains a variety of different modules that have prepackaged exploits for a number of vulnerabilities. With Metasploit, even a novice hacker has the potential to break into a wide range of vulnerable machines. Although it was designed as an exploit toolkit, Metasploit can also be effectively used for reconnaissance.
At a minimum, using the autopwn option in Metasploit allows a hacker to try to exploit a target using any means necessary. More targeted analysis can allow a hacker to perform reconnaissance using Metasploit with more subtlety. Network reconnaissance is a crucial part of any hacking operation. Any information that a hacker can learn about the target environment helps in identifying potential attack vectors and matching exploits to potential vulnerabilities.
By using a combination of passive and active reconnaissance tools and techniques, a hacker can maximize the information collected while minimizing their probability of detection.
Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security.
The other component of the Network Monitor is its traffic analyzer. This works through NetFlow and other device communication protocols to collect live traffic throughput data for each interface on switches and routers. This enables the Network Monitor to enhance its device inventory and topology maps with live traffic throughput information per link.
Instead, it forms part of each of the five monitoring service bundles that Site24x7 offers. These are: For example, taking out a subscription to Site24x7 Infrastructure gets you access to the Network Monitor plus server, virtualization, application, and website monitoring tools.
You can get a day free trial of Site24x7 Infrastructure. Syxsense Manage is a SaaS platform that enables the central administration of remote sites. The cloud-based console is accessed through any standard Web browser from anywhere. It is through this interface that the system manager enrolls a network. Getting a network included in the management system involves downloading an agent program onto one of the hosts connected to it.
Once the agent is on site, it performs a network discovery routine. This service operates on a cycle, so it runs continuously throughout the Syxsense Manage service life. This means that it will spot any changes to the list of devices connected to the network. The results of the network scan are shown in the system console. This lists all of the discovered devices.
Once the asset inventory is complete, the service scans each discovered endpoint and creates a software inventory. This operation will scan through devices running Windows, macOS, and Linux. The manager of multiple sites repeats these steps for all locations just by installing the agent on each site. With all sites enrolled, the manager can see an overview of the entire system and then focus in on each site and then down to each individual endpoint. The software inventory can also be consolidated per site, which enables functions such as software license management.
The package includes utilities for manual access and also automated maintenance services. Among the automated services is a patch manager. This maintains the software inventory and keeps checks on the suppliers of the operating systems and software packages listed in it, looking for the availability of updates.
When patches become available, the Syxsense Manager service copies them over to its own storage space. A Syxsense Manage package includes 50 GB of cloud storage.
The Syxsense Manage package is a subscription service with the lowest bundle monitoring 10 devices. This is charged annually in advance. You can assess the service with a day free trial. Paessler PRTG is a combined network device monitor, traffic analyzer, and server status manager. This will keep track of the health and performance of all of your network hardware and supporting devices. The server status monitoring extends to Cloud storage and online application services.
Application transactions and resource utilization are also covered, and the monitor extends to the tracking of the database transactions that support application execution. PRTG will also cover virtual environments and wifi elements in your network. All of those different types of services take a lot of tracking, and it can be challenging to conceptualize all of the interfaces between different types of systems.
The software installs itself, and one of the setup steps is a network discovery scanning phase that will document and list all of these different types of devices and how they work together. You can opt for an online version of the system, but that still needs an agent to be installed on your system. The PRTG dashboard can assemble maps that represent all of the different elements of your network. You can access maps that show virtualization, wifi performance, VoIP traffic, general network performance by link and end-to-end, and connections over the internet through to the operations of network links and server performance owned and managed by other companies.
Any potential problems arising in any part of the system get reported to the console immediately. Those alerts can be customized, so you can specify the combination of errors and warnings that would make you sit up and take notice, rather than getting notified about low printer toner levels or other non-critical maintenance conditions. While all of this monitoring is going on, the network discovery process keeps you in the loop.
So, any outages or performance problems get reflected on your various network maps. The PRTG system can be accessed as a Cloud service, or it can be installed on premises; the software will run on Windows 10 and Server environments. The system is available for free to monitor small networks. You can also get a day free trial of PRTG. You will encounter two types of Nagios monitoring software. The one you need to consider is Nagios XI. Nagios Core is a free, open-source network management tool.
There is a Nagios Community made up of Nagios users, and you can get interfaces for Nagios Core in the community forum for free from some of those users. However, Nagios XI is Nagios Core with a professional interface included, so you are better off going for that version. The Nagios XI suite includes an autodiscovery module that will map all of your network for you and compile an inventory list.
This means that you can review periods of network congestion and watch as bottlenecks appear. This is an excellent tool for analyzing the system weaknesses because you can examine events over and over again, making sure that you understand exactly what happened. The monitor will observe and record the status of your network equipment and you will see alerts when failure and warning conditions occur. In addition to showing alerts in the Dashboards, you can get Nagios to notify team members by email or SMS.
Those alerts can be directed to different team members according to source and severity. The Dashboard can also be customized, which means that you can give access to different views and controls to different team members.
The Dashboard widgets include dials, graphs, histograms, and charts that make data easier to view. There is a free version of Nagios XI.
This is capable of monitoring small networks. Free Nagios XI is limited to monitoring just seven pieces of equipment. The paid version of the system is available in a Standard Edition and a more expensive Enterprise Edition, depending on the size of your network. A significant advantage of the SNMP methodology is that it has network discovery built in. This is because all network devices have SNMP agents installed on them, so any monitoring program just has to broadcast a report request on the network to receive responses from all of the network equipment.
This enables an initial network device inventory to be compiled. The SNMP polling process is re-issued periodically, so the equipment list is continuously updated. If you add or remove a device, those changes get registered in the inventory automatically. Cacti is a free, open-source system that was created to provide a front end to the data-gathering tool RRDTool. So, you need to install both of these systems to get network discovery and monitoring.
RRDTool is also open source and free to use. The Cacti package includes a set of graph templates. You can customize a user interface by selecting a subset of the graph template pack. You can also create multiple user accounts and assign different sets of graphs to each. Dean Ferrando of Tripwire, a supplier of cybersecurity software, notes that most organizations start off by manually maintaining a list of devices or assets in a shared document, such as an Excel spreadsheet, and make changes whenever a new device is either acquired or depreciated.
This process is manageable when organizations are relatively small and not that complex. But it becomes a very flawed approach when organizations or networks begin to grow. Active methods, also known as standard asset discovery, commonly use software that polls devices across a network—the classic ping-and-response process. But they can also use discovery software that attempts to log into devices in order to pull back a full inventory of connected applications, Ferrando says.
The problem with active methods is that they can slow down the network as all those contact attempts are broadcast to the devices. This is clearly a problem for time-sensitive networks like an industrial control system (ICS), which is why there is a trend toward passive methods of asset discovery.
The passive asset discovery approach, which essentially listens for traffic being broadcast around a network, removes the issue of network bandwidth consumption, notes Ferrando. However, it also requires that all devices be enabled to send syslog messages. The syslog approach can be used with active and passive methods. It requires a syslog message to be captured by a log management system, which automatically creates an asset based on the data contained within the syslog message itself.
Discovering a missing syslog asset two months later could mean that attackers could have exploited and compromised business assets during that period.
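As an added example (not code from the page or from Tripwire), here is a Python sketch of the syslog-driven asset creation described above: it parses a few constructed RFC 3164 lines, creates one asset record per sending host from the data in the message itself, and flags hosts that have gone silent longer than a threshold, since a device that stops sending syslog is otherwise never noticed. The sample lines, host names and the assumed year are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (RFC 3164 style) for illustration, not real captures.
SAMPLE_LOG = """\
<34>Mar 01 08:15:02 plc-line1 ctrl[201]: cycle complete
<13>Mar 01 08:16:10 fw-edge kernel: link up eth0
<13>Mar 02 09:00:00 plc-line1 ctrl[201]: cycle complete
<30>May 03 10:30:45 hmi-02 sshd[1122]: session opened
this line is not syslog and is skipped
"""

# <PRI>TIMESTAMP HOSTNAME APP[PID]: MSG   (PRI = facility * 8 + severity)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def parse_line(line, year=2024):
    """Return the fields of one syslog line, or None if it does not parse.
    RFC 3164 timestamps carry no year, so the caller supplies one (assumed here)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "host": m["host"], "app": m["app"], "msg": m["msg"],
        "facility": pri >> 3, "severity": pri & 7,
    }

def build_inventory(log_text, year=2024):
    """Create one asset record per sending host, as the passive syslog approach does."""
    assets = {}
    for line in log_text.splitlines():
        rec = parse_line(line, year)
        if rec is None:
            continue  # not syslog; a real collector would count these for tuning
        a = assets.setdefault(rec["host"],
                              {"first_seen": rec["ts"], "last_seen": rec["ts"], "apps": set()})
        a["first_seen"] = min(a["first_seen"], rec["ts"])
        a["last_seen"] = max(a["last_seen"], rec["ts"])
        a["apps"].add(rec["app"])
    return assets

def stale_assets(assets, now, max_silence_days=7):
    """Hosts silent longer than the threshold: the check that keeps a missing-syslog gap short."""
    limit = timedelta(days=max_silence_days)
    return sorted(h for h, a in assets.items() if now - a["last_seen"] > limit)
```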
Asset discovery is the ability to provide visibility of all devices located within an organisation with limited or no human interaction. Most organisations would start off manually maintaining a list of their devices or assets in a shared document such as an Excel spreadsheet, making changes whenever a new device is either acquired or depreciated. This process is manageable when organisations are relatively small and not that complex.
However, this method becomes very flawed when organisations or networks begin to grow. One of the main pain points with this methodology is time. Keeping these lists updated can become a full-time job in some cases.
However, most organisations have caught on to the fact that device management is a critical part of not only their operations process but also their security process, and not having visibility or knowledge of devices on their network could open them up to potential security weak points.
With that being said, there are a few methods organisations can adopt to assist in this regard, and to be honest, most organisations have probably already purchased software solutions that could assist.