Network Device Enumeration and Identification Using Passive Asset Detection

University essay from Linköpings universitet/Medie- och Informationsteknik; Linköpings universitet/Tekniska fakulteten

Author: Filip Klang; [2021]

Abstract: As society strives for an increasing amount of connectivity and digitalization to increase accessibility and productivity, society is also more vulnerable than ever before. Thus, societal, business and personal infrastructure is the most vulnerable it has ever been. Therefore, the need for systems that can digitally catalog all devices within a network and provide information about each and every device, what other devices it is communicating with and its placement within the network, along with providing ways to identify potential threats before it is too late, is at an all-time high. This report presents the process of designing, developing and using a system aimed at performing passive asset detection and how it can lead to an increased visibility and knowledge of a network. The system is developed using C++, Python and the graph database Neo4j, which also provides a tool called Bloom to interactively visualize the database using custom Bloom perspectives. It uses direct informational gain to make initial assumptions about a device, subnetwork or network and tries to strengthen these assumptions using indirect information that is gained by passively analyzing traffic, provided over a longer period of time. Data can be supplied using either pcap files or by using the live capture feature and should be recorded at the router closest to the end point devices in each individual subnetwork to work optimally.
