Slitheris Network Discovery

---

I was recently made aware of a tool called Slitheris Network Discovery that IT folks will find most useful, and a valuable addition to the toolkit. It's really a pretty good package, and I thought I'd pass the word through this review.

At a glance

Slitheris Network Discovery is a network discovery package. Big deal, you say, what's the great thing about that? Oh, children. If you are a sysadmin, network admin, penetration tester, or a Managed Service Provider (MSP), you need to get a network discovery package.

Network discovery tools are used in discovering all the devices in a network within a specified IP range. These software tools scan a range of IP Address to discover the live devices in the given IP address range. But why do you need a tool such as this?

I'll give you an example from my own experience as a System Administrator.

Story Time

Back in the olden times, I worked for a variety of companies, large and small, contracting here and there. Thankfully, I don't contract anymore, but that's another story. Invariably, you are required to get up to speed quickly, and even do period reviews of your infrastructure in order to provide a level of security. Plus, you need to keep inventory up to date.

Most of the smaller companies I have worked for couldn't afford or were unwilling to shake loose the funds for enteprise grade solutions, so I was usually leaning on things like Angry IP and the like to learn what I was dealing with in a new environment. Then came the tedious job of chasing down all these devices, and finding out what they were. It took at least a week to get a picture of the network, with an explanation of each device. I don't like spending a week doing this. It sucks.

The Review

This is what you came for. The meat of this, and why you should take a look at Slitheris Network Discovery. In this review, I'll give an overview of the features of the package, and give it a grade.

Disagree? Leave a comment below.

Vital Info

These are the vital stat about where to get the package, and what I used to test it.

Software Tested
Name	Slitheris Network Discovery
Company	Komodo Labs
Web site	http://www.komodolabs.com
Demo available?	Yes, 50 devices
Price	Various, see price list
Test System
Test system	Intel Core I7-4770 @ 3.40 GHz 12 GB RAM 8 TB total drive space, 4 TB free Windows 10 Pro, Insider Build 17134.1 (RS4)

Installation

First things first. Let's get this installed

Installation was straightforward. I was able to download the demo from the website, quickly. There were no lags in downloading installation file, which weights in at a little over 5.5 MB. While the installation file is an .Exe (slitheris_installer.exe), the executable is signed with an RSA digital signature generated from a trusted source, in both SHA-1 and SHA-256 formats. Installation is started by double-clicking the downloaded file.

During installation, you are given the option of creating a desktop icon, a start menu entry, or both, or neither. I don't like a cluttered desktop, so I unchecked the desktop icon option, and selected only the start menu option. After all of about 3 seconds, installation is complete, and you are given the option of starting the program, or by unchecking the box, you can exit setup to your desktop.

On Windows 10, you can find the program, as well as its included uninstaller in the usual location under Apps. I'm a fan of the search function of the Start menu, so by tapping the Windows key, and typing Slitheris, it bubbles right up, and appears as so:

Since this is a 32-bit package, the installation files will land in the x86 folder on a 64-bit system:

C:\Program Files (x86)\Komodo Labs\Slitheris

If you are running 32-bit Windows, the files will end up in

C:\Program Files\Komodo Labs\Slitheris

The size of the completed installation, before first run, is 69.7 MB. But why am I bring up file sizes here, when just about everyone has hundreds of gigabytes at their disposal?

The size of the finished product is very telling. This shows me that there are no useless "stuff" laying around inside the codebase. If I was able to crack it open, I am sure I'd find nice tight code, straight and to the point. Us old timers can appreciate that. Believe it or not, there used to be a time when programmers tried to get as much functionality into the smallest code possible. By the size and layout of the installation on disk, I'd say that the author is old school as well. Cheers to you, sir.

Overall, the installation process was very straightforward, with no issues. The installation is clean as well, with no crapware, malware, or adware.

First Run

Upon first open, you may get prompted with a UAC warning. I have my UAC set a bit high, so you may not get this warning. Slitheris opens full screen, and does a quick scan to see what networks are available. In my test, it found three of the four networks I have in my home and lab.

There were no startup hints, or what to do next. But again, this isn't targeted at casual users, but more at IT people. Most IT folks that I know turn of this "How-to Hints" anyway. They just get in the way.

The interface is actually easy to figure out (click for larger picture):

At the top of the screen, you've got:

• The File menu, which has your import/export options, and an easy method to create a portable copy of the program.
• To the right of the File menu, you'll find some handy links for purchasing/pricing, the website, forums, social media, update checker, releases history, license key entry, and a help button.
• Next, in the dashboard you'll find your engine stats. The various matrix' show the status of a scan at any given time. What the engine is discovering, percent of completion of a scan, devices found, etc.

Below the bar, you'll find some automated functions to help you streamline your processes. I didn't use any of these during this test, but I do notice that there is an button labeled EternalBlue Check.

EternalBlue, sometimes stylized as ETERNALBLUE, is an exploit developed by the U.S. National Security Agency (NSA) according to testimony by former NSA employees. It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017. So you can see why this is an important thing to check for.

Scanning your network(s)

To start a scan, simply expand one of the networks listed in the grid below. Your scan will start, and you'll begin to get data back immediately (click for larger picture):

The program appears to first scan the network(s) for live IPs. It then proceeds to interrogate each device that it finds for whatever information it can get. Ports, protocols, device names, operating system, and more. Absolutely tons of stuff.

I won't go into a whole lot of detail, mainly in the interest of security, but it found things on my network that I had actually forgotten about! On my home and lab network, it correctly found and identified:

• Four devices in the Pusher lab:
  • Gateway running on Windows
  • Windows 2012 domain controller
  • Two Windows 7 workstations
• Fifteen devices on my home network:
  • 1 Cisco/Linksys router
  • 3 phones
  • 5 Amazon Echos
  • 2 TP-Link bridges
  • 2 Windows machines (Server 2016, and Windows 10)
  • 1 Chromecast
  • 1 Printer
• Two devices in the Web lab:
  • Gateway running on Windows
  • The web server

I had completely forgetten about that Chromecast, plugged in to the back of the TV!

The results

The scan completed very quickly. In less than two minutes, Slitheris Network Discovery had scanned all of my internal networks, and found all devices. In all, there were up to 36 pieces of information about each device. Why do I say "up to"? Because some of the devices either simply don't have the information in them, or it is not available through anonymous means.

Did you catch that? I used the word anonymous. At no time did I proved Slitheris any credentials of any sort. All data was found by querying the devices anonymously. No agents, no credentials, nada. Yet, it was still able to fingerprint the operating system correctly.

One of the things I plan on testing in the future is varying security settings on client devices. Things like firewalls, listening services, etc., and see how that affects scan results.

You may already see how Slitheris can help you make your network secure. On the flip side of that, if you are a penetration tester, you can see how this might help you find vulnerabilities in a target.

Feature rich

There are so many features in this package, it's hard to put all of them in this post, without throwing a wall of text at you, dear reader. I would like to take a moment to highlight a couple of the more noteworthy features.

• Age estimation Yep, you can see an estimate of the age of the device, based on how the device responds to certain queries. Why is this important? A good IT person keeps drivers and firmwware up to date. If you've got a flaky video card or NIC from 1997 that is no longer compatible, you'll want to know about it, and most likely replace the device. Also, the more popular a particular device is, the more accurate the estimation will be.
• Malware detection You can easily detect activity of EternalBlue, the leaked exploit allegedly from a three letter agency. EternalBlue is used by such ransomware nasties as WannaCry and Satan. It's still an issue in 2018, as evidenced by reports of infections on Boeing systems.
• Bang for the buck Just that simple. Slitheris Network Discovery has been available to the public for a little over two years now, and has a feature set which, frankly, puts other packages to shame.
• Portable Mode This is a handy for MSPs and other IT folks who go on a customer site to perform diagnostices or site surveys. It allows you to run the scan, and save the data for review later.

Alternatives?

There are a lot of packages out there that sweep subnets for devices. They range from free ip scanners, to enterprise grade network mapping and inventory systems. Most of these packages have been around for years and even decades, but don't give the feature-rich experience of Slitheris Network Discovery, which is a relative newcomer to this niche.

The problem with free ip scanners is that they seem to focus on one or two bits of information. In my experience, they've all been pretty basic, doing a simple scan of a single subnet, and simply giving a list of responding IP addresses.

Enterprise level solutions get more in depth, and the better ones have an "anonymous mode", where you can run without credentials to get a view of your network as a "guest" might see it. The downside? These packages cost BIG MONEY, and are usually part of an inseparable suite. Do you want to spend BIG MONEY for one function? I don't

Recommendation

In my opinion, I would definitely give Slitheris a look. At least try the trial version, and see if it can do what you need. I was frankly impressed of the quick work that it did in inventorying my network and devices, and thoroughly.

It is something I will add to my toolbag, for sure. I ran in to no issues, and everything went smooth. FileMon and RegMon found no illicit activities, and no funky network connections (outside the local network, of course) were detected (no phone home).

About this post

Posted: 2018-04-23
By: dwirch
Viewed: 1,982 times

Categories

Tip

Review

Blog

Windows

Attachments

No attachments for this post

Comments

No comments have been added for this post.

You must be logged in to make a comment.