Communication Encryption between MID server and target devices

Ankush13
Kilo Guru

I was wondering what kind of secure communication is happening between MID server and target servers while they are communicating during discovery. Can this be pulled down via Wireshark? Or is it encrypted with some algorithm of some sort?

- AL

1 ACCEPTED SOLUTION

doug_schulze
ServiceNow Employee

Great thread! Awesome contributions. For Windows we use Packet privacy as outlined here: Authentication Level (COM)

You can see it set in the /agent/lib/WMIScanner script on the MID server host:

WMIScanner.prototype = {
      defaultRoot: 'root\\cimv2',
      wbemFlagReturnImmediately: 0x10,
      wbemFlagForwardOnly: 0x20,
      PktPrivacy: 6,


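An added example, not part of the original thread and not ServiceNow code: the authentication level discussed above (6, packet privacy) is carried in the security trailer of each connection-oriented DCE/RPC PDU, so it can be read from captured WMI traffic to confirm that payloads are encrypted rather than only signed. It assumes the PDU bytes have already been exported from a capture; `build_sample` and its contents are constructed test data, not a real capture.

```python
import struct

# Numeric values of the COM/RPC authentication levels (6 is the PktPrivacy value above)
AUTHN_LEVELS = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT",
                5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}
HEADER_LEN = 16   # connection-oriented DCE/RPC common header
TRAILER_LEN = 8   # sec_trailer that precedes the auth token


def rpc_auth_level(pdu: bytes):
    """Return (auth_type, auth_level) of one PDU, or None if it is unauthenticated."""
    if len(pdu) < HEADER_LEN or pdu[0] != 5:
        raise ValueError("not a connection-oriented DCE/RPC PDU")
    # High nibble of packed_drep[0]: 1 = little-endian integers, 0 = big-endian
    endian = "<" if pdu[4] & 0xF0 == 0x10 else ">"
    frag_len, auth_len = struct.unpack_from(endian + "HH", pdu, 8)
    if frag_len > len(pdu):
        raise ValueError("truncated PDU")
    if auth_len == 0:
        return None  # no security trailer at all
    trailer = frag_len - auth_len - TRAILER_LEN
    if trailer < HEADER_LEN:
        raise ValueError("auth_length inconsistent with frag_length")
    return pdu[trailer], pdu[trailer + 1]


def is_encrypted(pdu: bytes) -> bool:
    """True only for packet privacy; level 5 signs the payload but leaves it readable."""
    info = rpc_auth_level(pdu)
    return info is not None and info[1] == 6


def build_sample(level, body=b"\x00" * 8, token=b"\xAA" * 16):
    """Constructed request PDU for the demo (auth_type 10 = NTLMSSP, dummy token)."""
    trailer = bytes([10, level, 0, 0]) + struct.pack("<I", 0) if token else b""
    frag_len = HEADER_LEN + len(body) + len(trailer) + len(token)
    header = struct.pack("<BBBB4sHHI", 5, 0, 0, 3, b"\x10\x00\x00\x00",
                         frag_len, len(token), 1)
    return header + body + trailer + token


if __name__ == "__main__":
    for lvl in (5, 6):
        pdu = build_sample(lvl)
        _, level = rpc_auth_level(pdu)
        print(AUTHN_LEVELS[level], "encrypted" if is_encrypted(pdu) else "not encrypted")
```
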

8 REPLIES


Nice! So a pentester will catch packets but he will have a hard time to decrypt them.



Thanks!



- AL


teena2
Kilo Contributor

Hello,



I am trying to find this WMIScanner script but can't find this under agent/lib on the MID server host.

Is there any way I can prove to our Security team that the communication between the MID server and the ServiceNow instance is encrypted?



Regards,


Teena


tim_broberg
ServiceNow Employee

Hi, Teena.



The MID will connect to the instance to fetch those scripts.



That connection is secured with TLS.