Last week, when I was trying to read data from packets, I came across a lot of garbled or unreadable data. I thought I could be unpacking the packets wrong, but I verified that I wasn't. I realised that the data was just encrypted data and thus, unless I had the session keys as well, I wouldn't be able to read it. I was able to verify this after looking at the packets in Wireshark, as Wireshark can tell us whether the packet was HTTPS or HTTP.
After finishing a basic pcap parser that discovers web servers running in a network, I wrote a simple Wireshark-like program in Python that can capture any packet either on the specified interface or on all interfaces.
After collecting data by using Wireshark, I started thinking of ways to identify services and hosts in the network.
I spent the past week learning about passive service discovery (PSD), and how it compares against active service discovery.
PSD works on the principle of non-disruptive traffic analysis: it sends nothing onto the network, so it neither interferes with existing traffic nor reveals itself to the other hosts. Services are identified purely by observing and analysing the traffic that is already flowing, for example which hosts answer connection attempts on which ports, and what the first bytes of their replies look like. The caveat is that a service only shows up once someone actually talks to it, and what you can learn about it is limited to what the traffic exposes; active discovery, by contrast, probes hosts directly, which is faster but visible to anyone watching the network.
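As an added example (this is not the author's pcap parser or capture program, and it is not a real product's implementation), the following Python does a minimal passive discovery pass over raw Ethernet II / IPv4 / TCP frames: it never transmits, it just records which hosts answer a SYN with a SYN-ACK and fingerprints the service from the first bytes the server sends. It also shows why the "garbled" data in the first paragraph is unreadable: a TLS record begins with content type 0x16 and a 0x03xx version, and everything after that is ciphertext. The frames, addresses and ports are constructed inline for the example; checksums are left as zero because the parser does not verify them.

```python
"""Added example, not the author's code: passive service discovery over raw
Ethernet II / IPv4 / TCP frames. Nothing is sent; only observed traffic is used.
The frames at the bottom are constructed inline for this example."""
import struct

SYN = 0x02
PSH = 0x08
ACK = 0x10


def parse_frame(frame: bytes):
    """Decode Ethernet II + IPv4 + TCP headers; return None for anything else."""
    if len(frame) < 14 + 20 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # IPv4 only
        return None
    ip = frame[14:]
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip = ip[:total_len]                                   # drop Ethernet padding
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                        # TCP only
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": tcp[13], "payload": tcp[data_off:]}


def classify_payload(payload: bytes) -> str:
    """Fingerprint a service from the first bytes the server sends back.
    A TLS record starts with content type 0x16 (handshake) and version 0x03xx:
    that is the encrypted data you cannot read without the session keys."""
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith(b"HTTP/"):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


def discover(frames):
    """Passive discovery: a host that answers a SYN with SYN-ACK is offering a
    service on that port; its first data segment refines the label."""
    hosts, services = set(), {}
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        hosts.update((pkt["src"], pkt["dst"]))
        key = (pkt["src"], pkt["sport"])            # the server side of a socket
        if pkt["flags"] & SYN and pkt["flags"] & ACK:
            services.setdefault(key, "unknown")
        elif pkt["payload"] and services.get(key) == "unknown":
            services[key] = classify_payload(pkt["payload"])
    return hosts, services


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Construct a frame for the example (checksums zero; the parser ignores them)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


# Constructed addresses for the example: one TLS web server, one plain HTTP
# server, and a host that never answers.
CLIENT, TLS_WEB, WEB, SILENT = "10.0.0.5", "10.0.0.10", "10.0.0.20", "10.0.0.30"

SAMPLE_FRAMES = [
    build_frame(CLIENT, TLS_WEB, 51000, 443, SYN),
    build_frame(TLS_WEB, CLIENT, 443, 51000, SYN | ACK),
    build_frame(CLIENT, TLS_WEB, 51000, 443, PSH | ACK, b"\x16\x03\x01\x00\x03\x01\x00\x00"),  # ClientHello (truncated)
    build_frame(TLS_WEB, CLIENT, 443, 51000, PSH | ACK, b"\x16\x03\x03\x00\x03\x02\x00\x00"),  # ServerHello (truncated)
    build_frame(CLIENT, WEB, 51001, 80, SYN),
    build_frame(WEB, CLIENT, 80, 51001, SYN | ACK),
    build_frame(CLIENT, WEB, 51001, 80, PSH | ACK, b"GET / HTTP/1.1\r\nHost: web\r\n\r\n"),
    build_frame(WEB, CLIENT, 80, 51001, PSH | ACK, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(CLIENT, SILENT, 51002, 22, SYN),   # nobody answers: not a service
]

if __name__ == "__main__":
    hosts, services = discover(SAMPLE_FRAMES)
    print("hosts seen:", sorted(hosts))
    for (ip, port), label in sorted(services.items()):
        print(f"{ip}:{port} -> {label}")
```

Two design points worth noticing: the silent host still appears in the host list (its address was observed on the wire) but not in the service list, because nothing ever answered on port 22; and the fingerprint is taken from the server's first data segment, not the client's, so a client sending a ClientHello to a port that never answered does not create a phantom service.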
How does ServiceNow service discovery work?
- Agentless discovery
- Two parts:
  - Data collection and processing
DigitalOcean has an excellent series on The Docker Ecosystem, and part 3 of this series explains the general concepts of Application Service Discovery (ASD). I'd recommend it to anyone who has no clue what ASD is and wants to understand it from a fairly abstract point of view.
I'll be writing about what I learn while doing my final-year project, which is based on application service discovery, and I'll also take you on a journey to find out which is the best biriyani in Bangalore!