- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-03-2014 09:36 PM
I was wondering what kind of secure communication is happening between MID server and target servers while they are communicating during discovery. Can this be pulled down via wireshark? Or is it encrypted with some algorithm of some sort.
- AL
Solved! Go to Solution.
- Labels:
-
Discovery
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-04-2014 09:12 AM
Great thread! Awesome contributions.. For windows we use Packet privacy as outlined here... Authentication Level (COM)
You can see it set in the /agent/lib/WMIScanner script on the midserver host
WMIScanner.prototype = {
defaultRoot: 'root\\cimv2',
wbemFlagReturnImmediately: 0x10,
wbemFlagForwardOnly: 0x20,
PktPrivacy: 6,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-04-2014 05:10 AM
The Data Stream between the MID Server and the Target Server is encrypted. Please have a look here:
MID Server Requirements - ServiceNow Wiki
Hope that helps.
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-04-2014 05:55 AM
I believe that link refers to the connection between the MID server and the SNow instance?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-04-2014 06:04 AM
Oh, sorry, i just checked the SSH within number 4.1 "Discovery logs into a machine with SSH and runs commands within an encrypted session to gather system information"
for WMI i am not sure.
Thanks
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-04-2014 06:14 AM
Good catch Frank, I missed that for SSH. Interesting question, I'll try and wireshark a Windows discovery today and see what I get.
