This table gets correlated with the ARP table of the routers that service that subnet to create a table that lists each IP address, its corresponding MAC address, virtual LAN ID and the interface name of the switch port to which it is connected. When a switch is identified, its forwarding address table should be retrieved. The network management access credentials can then be used to examine each possible network device to find its neighbors. Next, for each router, retrieve its ARP table, and examine the Media Access Control (MAC) address vendor code to identify network device vendors. You now have a list of all routers in the space. Repeat this network device discovery process with each router that is within the search space or that is advertising routes to subnets within the search space. Record the addresses of those neighboring routers whose addresses are in the desired address space or routers that are advertising routes that are in the desired address space. Note that you may need to handle multiple virtual routing and forwarding instances. Identify all neighboring routers, which will appear as next-hop devices in the routing table. We're going to start with this table to discover the routing infrastructure. ![]() Start with the seed device, and retrieve its local routing table. The local router should be within the discovery address range. The smart discovery mechanism starts with the IP address range to discover and at least one seed device - typically, the local default router. This means you'll need login or SNMP read-only credentials. There is a better alternative to ping sweeps, as long as you have access to network devices via a command-line interface (CLI), Simple Network Management Protocol (SNMP) or an API and the ability to create a script that can query network devices for some basic connectivity data. That's because ping sweeps are also the mechanism that malware uses to discover neighboring devices. Addresses that are not in use are probed as well, and in many networks, that can result in a huge amount of additional processing.įinally, ping sweeps also generate traffic from security systems safeguarding the network. ![]() Every IP address in the search range is probed multiple times to permit Address Resolution Protocol (ARP) resolution. The disadvantage of ping sweeps as a network discovery tool is they generate a lot of unnecessary network traffic. It is the mechanism of choice because the only information that is needed is the target IP address range. Network scanning programs, like Nmap, and many network management systems rely on ping sweeps. It is a simple mechanism that only requires the endpoints and network devices to support Internet Control Message Protocol echo request/reply packets. Ping sweeps are the default tool used for network device discovery. You need to be able to quickly find where an endpoint is located when the intrusion prevention system indicates that the endpoint is trying to communicate with a known external malware site. ![]() A system may be in one location today and running on a different physical system tomorrow. Software licensing mechanisms help, but it would still be nice to track these instances so you know the organization is compliant with vendor licensing requirements.ĭynamic workloads are also making network discovery more challenging. These systems are simply software packages running on an x86 platform. ![]() The new world of virtual appliances has changed network device discovery and inventory needs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |