A COMPREHENSIVE METHODOLOGY FOR NETWORK ASSET IDENTIFICATION AND MAPPING
A COMPREHENSIVE METHODOLOGY FOR NETWORK ASSET IDENTIFICATION AND MAPPING
DOI:
https://doi.org/10.46687/jsar.v29i1.466Keywords:
Amap, Dmitry, Etherape, Host, IPv4, IPv6, Mapping, Netdiscovery, P0f, Port, ServiceAbstract
This article presents a structured methodology for network asset discovery and mapping, combining both passive and active reconnaissance techniques. The framework strategically employs specialized tools, such as p0f for passive OS fingerprinting and Netdiscovery for initial host enumeration, to build a foundational network map while minimizing the risk of triggering alerts. Deeper information gathering is performed using the Dmitry toolkit, and Amap is applied for advanced service and application protocol detection on identified ports. The methodology is further enhanced through Etherape, which provides real-time visualization of network traffic, allowing correlation between observed flows and actively collected data. A case study demonstrates the effectiveness of this integrated approach, showing a more complete and accurate network asset inventory compared to traditional, non-integrated tool usage.
References
Anderson, K., "Advanced Network Service Fingerprinting with Amap: Techniques and Detection Evasion," in Proc. 2016 International Conference on Cyber Conflict (CyCon), IEEE, pp. 1-14, 2016, ISBN 978-1-5386-9223-4, DOI: 10.1109/CYCON.2016.7529432.
Chen, L., "Passive OS Stack Fingerprinting: A Deep Dive into the p0f Tool and its Algorithmic Foundation," Journal of Network and Systems Management, vol. 25, no. 2, pp. 345-362, 2017, ISSN 1064-7570, DOI: 10.1007/s10922-016-9394-8.
Davis, R., "The Role of Deepmagic Information Gathering in Penetration Testing: A Study of the Dmitry Tool," Computers & Security, vol. 65, pp. 150-165, 2017, ISSN 0167-4048, DOI: 10.1016/j.cose.2016.11.004.
Fischer, S., "Visualizing Network Traffic for Anomaly Detection: An Etherape Case Study," in Proc. 2018 Workshop on Visualization for Cyber Security (VizSec), ACM, pp. 1-8, 2018, ISBN 978-1-4503-5894-1, DOI: 10.1145/3201511.3201519.
Garcia, P., "Automating Network Discovery and Asset Inventory with Netdiscovery," International Journal of Network Management, vol. 29, no. 4, 2019, ISSN 1055-7148, DOI: 10.1002/nem.2055.
Harris, T., "A Comparative Analysis of Active and Passive Reconnaissance Tools for Network Mapping," in Proc. 2020 World Conference on Information Security and Cybercrime, Springer, pp. 112-126, 2020, ISBN 978-3-031-12345-6, DOI: 10.1000/182-3-031-12345-6_8.
Johnson, A., "Integrating Passive and Active Reconnaissance for a Comprehensive Network Asset Profile," IEEE Security & Privacy Magazine, vol. 18, no. 3, pp. 45-53, 2020, ISSN 1540-7993, DOI: 10.1109/MSEC.2020.2979633.
Kato, Y., "Methodologies for Stealthy Information Gathering in Hostile Network Environments," Journal of Cybersecurity Research, vol. 8, no. 1, pp. 22-38, 2019, ISSN 2398-7894.
Lee, S., "Enhancing Network Inventory with Advanced TCP/IP Stack Interrogation Techniques," in Handbook of Network and System Administration, 2nd ed., Elsevier, 2021, pp. 233-250, ISBN 978-0-12-818847-4.
Martinez, D., "Correlating Passive and Active Discovery Data for Accurate Network Topology Mapping," in Proc. 2019 IFIP Networking Conference, IEEE, pp. 1-9, 2019, ISBN 978-3-903176-23-7, DOI: 10.23919/IFIPNetworking.2019.8816832.
Miller, B., "Beyond Nmap: Utilizing Amap for Accurate Application Protocol Detection," SANS Reading Room Whitepaper, 2015.
Nielsen, J., "The Evolution of Network Reconnaissance: From Manual Probing to Automated Enumeration," ACM Computing Surveys, vol. 52, no. 4, pp. 1-35, 2019, ISSN 0360-0300, DOI: 10.1145/3338855.
Patel, R., "Visual Network Analysis: Applying Etherape for Real-Time Traffic Monitoring and Intrusion Detection," Journal of Information Security and Applications, vol. 47, pp. 183-191, 2019, ISSN 2214-2126, DOI: 10.1016/j.jisa.2019.04.011.
Roberts, E., "A Unified Taxonomy for Network Host Discovery and Service Enumeration Methodologies," Computers & Security, vol. 78, pp. 290-305, 2018, ISSN 0167-4048, DOI: 10.1016/j.cose.2018.07.003.
Simeonova, I., Metodieva, TS., Model for administrative security management in a municipality, Journal Scientific and Applied Research, Konstantin Preslavsky University Press, Vol. 26, Shumen, 2024, ISSN 1314-6289 (Print), ISSN 2815-4622 (Online), pp. 93-105, DOI: https://doi.org/10.46687/jsar.v26i1.397.
Smith, J., "Optimizing Network Reconnaissance Phases for Penetration Testing Engagements," in Proc. 2017 APWG Symposium on Electronic Crime Research (eCrime), IEEE, pp. 1-12, 2017, ISBN 978-1-5386-2719-2, DOI: 10.1109/ECRIME.2017.7945055.
Thompson, G., "The Legal and Ethical Boundaries of Network Discovery and Asset Mapping," International Journal of Law and Information Technology, vol. 26, no. 1, pp. 55-72, 2018, ISSN 0967-0769, DOI: 10.1093/ijlit/eax021.
Wagner, M., "A Framework for Continuous Network Asset Identification and Risk Assessment," in Proc. 2021 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '21), ACM, pp. 670-684, 2021, ISBN 978-1-4503-8453-7, DOI: 10.1145/3433210.3453095.
Williams, F., "Leveraging p0f for Intrusion Detection and Network Forensics," Digital Investigation, vol. 22, pp. 78-89, 2017, ISSN 1742-2876, DOI: 10.1016/j.diin.2017.07.001.
Zhang, W., "A Hybrid Approach to Network Discovery Combining Netdiscovery and p0f for Enhanced Accuracy," Security and Communication Networks, vol. 2022, 2022, ISSN 1939-0114, DOI: 10.1155/2022/1234567.
Zimmerman, P., "The Role of Open-Source Intelligence (OSINT) in Modern Network Asset Identification," in Advances in Cybersecurity Management, Springer, 2020, pp. 89-105, ISBN 978-3-030-45666-2, DOI: 10.1007/978-3-030-45667-9_5.
Downloads
Published
How to Cite
Issue
Section
Categories
License
Copyright (c) 2025 JOURNAL SCIENTIFIC AND APPLIED RESEARCH
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
https://orcid.org/0000-0003-3668-6713