Discovery Product Pack

Scenario

Tachyon can port scan subnets and identify services with open ports on devices on that subnet. It is not necessary for the devices to be running the Tachyon agent, as long as one device on the subnet has the agent running.

Product Pack notes:

Scenario

Tachyon can port scan subnets and identify services with open ports on devices on that subnet. It is not necessary for the devices to be running the Tachyon agent, as long as one device on the subnet has the agent running

Instructions

Questions

  • Which devices have services listening on port
  • What subnets are associated with devices

Resources

  • A PowerShell script to DNS resolve IP addresses
  • A PowerShell script to compute the subnet(s) associated with all network adaptors on the endpoint(s) on which the instruction is being run.

Notes

The question “what subnets are associated with devices” is a smart followup question.

When invoked as a stand-alone question, all subnets on all targeted endpoints will be reported back. When invoked as a followup question, only the specific subnet that has been selected for followup processing will be scanned. A “non-smart” version of the question would have scanned all subnets on the target endpoint again, which is not consistent with the user’s naive expectation of what will happen and makes the question less useful in forensic applications.

You cannot scan a subnet with more than 255 IP addresses. This is a current limitation of Tachyon’s discovery methods. An error is returned if you attempt to do so.

You must log in to submit a review. Click here to login.