Most of the work of this project has been concluded; a new module needs to be written which can manage the other three modules written: active discovery, passive discovery, and the mapping module.
This manager module is fairly straightforward: initialise whatever files are needed, execute the modules whenever needed, and make sure they continue executing based on the requirements.
This has been written as well, and the project works as the requirements were set.
A sample output is below:
- Classify the discovered services, by attaching a tag name to each.
- Establish relationships between various services by looking at TCP port and IP address.
- Draw a dependency map after all relationships are established.
Finally, show not only the dependency map, but a detailed list of all established relationships between services, servers, and hosts.
I have extended the module to support a few more applications this week. I had to go back and change the pattern recognition methodology for WordPress and MySQL server (see the previous week's post) as they were not working for all cases.
Continue reading “Application Service Discovery – Week 8”
Last week when I was trying to read data from packets, I came across a lot of garbled or unreadable data. I thought I could be unpacking the packets wrong, but I verified that I wasn’t. I realised that that data was just encrypted data and thus, unless I had the session keys as well, I wouldn’t be able to read that data. I was able to verify this after looking at the packets in Wireshark, as Wireshark can tell us whether the packet was HTTPS or HTTP.
Continue reading “Application Service Discovery – Week 6”
After finishing a basic pcap parser that discovers web servers running in a network, I wrote a simple Wireshark-like program in Python that can capture any packet either on the specified interface or on all interfaces.
Continue reading “Application Service Discovery – Week 5”
After collecting data by using Wireshark, I started thinking of ways to identify services and hosts in the network.
Continue reading “Application Service Discovery – Week 4”
How does ServiceNow service discovery work?
- Agentless discovery
- Two parts:
  - Data collection and processing
Continue reading “Application Service Discovery – Week 2”
DigitalOcean has an excellent series on The Docker Ecosystem, and part 3 of this series explains the general concepts of Application Service Discovery (ASD). I’d recommend it to anyone who has no clue what ASD is, and wants to understand it, from a fairly abstract point of view.
Continue reading “Application Service Discovery – Week 1”