Communication Encryption between MID server and target devices

Ankush13
Kilo Guru

I was wondering what kind of secure communication is happening between MID server and target servers while they are communicating during discovery. Can this be pulled down via wireshark? Or is it encrypted with some algorithm of some sort.

- AL

1 ACCEPTED SOLUTION

doug_schulze
ServiceNow Employee
ServiceNow Employee

Great thread!   Awesome contributions.. For windows we use Packet privacy as outlined here... Authentication Level (COM)



You can see it set in the /agent/lib/WMIScanner script on the midserver host



WMIScanner.prototype = {


      defaultRoot: 'root\\cimv2',


      wbemFlagReturnImmediately: 0x10,


      wbemFlagForwardOnly: 0x20,


      PktPrivacy: 6,


View solution in original post

8 REPLIES 8

Frank1975
Kilo Guru

The Data Stream between the MID Server and the Target Server is encrypted. Please have a look here:



MID Server Requirements - ServiceNow Wiki



Hope that helps.



Frank


I believe that link refers to the connection between the MID server and the SNow instance?


Oh, sorry, i just checked the SSH within number 4.1 "Discovery logs into a machine with SSH and runs commands within an encrypted session to gather system information"


for WMI i am not sure.



Thanks



Frank


Good catch Frank, I missed that for SSH. Interesting question, I'll try and wireshark a Windows discovery today and see what I get.