After finishing a basic pcap parser that discovers web servers running in a network, I wrote a simple Wireshark-like program in Python that can capture any packet either on the specified interface or on all interfaces.
After collecting data by using Wireshark, I started thinking of ways to identify services and hosts in the network.
I spent the past week learning about passive service discovery (PSD), and how it compares against active service discovery.
PSD works on the principle of non-disruptive traffic analysis. In simpler words, it does not interfere in any way whatsoever with the traffic in the network and it is invisible to all the other hosts in the network. Identification of the services is done by observing and analysing the traffic in the network.
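The principle above can be shown as an added example (not code from the original post): a listening TCP service is inferred purely from SYN-ACK replies seen in captured frames, with nothing sent on the wire. The SYN-ACK heuristic, the helper names, and the sample frames and addresses are assumptions constructed for this illustration.

```python
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def parse_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, flags), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or EtherType is not IPv4
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                      # bad version/IHL, or protocol is not TCP
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 14:
        return None                      # truncated before the TCP flags byte
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    return src, dst, sport, dport, frame[tcp_off + 13]

def discover_services(frames):
    """Map (server_ip, port) -> set of client IPs, using SYN-ACK replies only."""
    services = defaultdict(set)
    for frame in frames:
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, _dport, flags = parsed
        if flags & (SYN | ACK) == (SYN | ACK):   # the server accepted a connection
            services[(src, sport)].add(dst)
    return dict(services)

# Constructed sample capture: two services answer, one port is closed, one frame is ARP.
SAMPLE = [
    build_frame("10.0.0.5", "10.0.0.20", 51000, 80, SYN),
    build_frame("10.0.0.20", "10.0.0.5", 80, 51000, SYN | ACK),
    build_frame("10.0.0.20", "10.0.0.7", 80, 51001, SYN | ACK),
    build_frame("10.0.0.30", "10.0.0.5", 22, 51002, SYN | ACK),
    build_frame("10.0.0.40", "10.0.0.5", 23, 51003, 0x14),  # RST|ACK: port closed
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,               # ARP frame, skipped
]
```

Keying on the SYN-ACK rather than the client's SYN means a port only counts as a service once the host itself has answered, so unanswered or reset connection attempts do not create false entries.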
How does ServiceNow service discovery work?
- Agentless discovery
- Two parts:
- Data collection and processing
DigitalOcean has an excellent series on The Docker Ecosystem, and part 3 of this series explains the general concepts of Application Service Discovery (ASD). I’d recommend it to anyone who has no clue what ASD is, and wants to understand it, from a fairly abstract point of view.