11/10/2023 0 Comments Scan network mac address![]() This is not a limitation or defect of the scan engine, but rather a reality of the IP protocol suite and modern network infrastructure. The implications of this are that the MAC address is not included in the network packets received by the scan engine. When performing an unauthenticated scan against assets that are accessed via a router, the scan engine is only able to communicate with that asset via the Network layer. This leads to the limitation in unauthenticated scans. MAC address discovery with unauthenticated scans IP addresses are used to communicate with devices across different networks, traversing through routers. On the other hand, IP addresses are part of the Network layer. Any devices communicating at the Link layer do so without the use of routers. The MAC address is used by the hardware when communicating with other devices on the same network equipment. The MAC address is part of the bottom layer called the Link Layer. The IP protocol suite can be thought of in 4 layers: In order to understand these limitations, it is important to first understand the fundamentals of the IP protocol suite. This is due to limitations of network protocols and modern network topologies. However, collecting the MAC address with an unauthenticated scan (a scan where no credentials are provided) is less reliable. When performing an authenticated scan (a scan whereby the engine has the necessary credentials to authenticate to the target), collecting the MAC address is relatively straightforward, as all operating systems provide tooling to gather this information. ![]() Several manufacturers will use the same first 3 bytes when assigning a MAC address to a device (for example, several CISCO SYSTEMS, INC devices use 00000C as the MAC address prefix). In some cases, the MAC address can be used as a rudimentary means of fingerprinting an asset. As a result of the volatile nature of IP addresses, identifying assets using the MAC address can provide increased reliability when integrating scan results. ![]() The MAC address is one of several attributes used by the Security Console to perform asset correlation. When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection. Written in collaboration with Jimmy Cancilla ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |