
Stop, 11 advanced features and functions – CRU Ditto Forensic FieldStation User Manual


11 ADVANCED FEATURES AND FUNCTIONS

11.1 NETVIEW SCAN

This type of network probing is very noisy and may trigger any IT-related Intrusion Detection Devices (IDSs) on
the network. Be sure to run this action only in a controlled and isolated environment.

a. Select Netview Scan from the “Action to Perform” drop-down box.

b. Configure the available options, which are detailed below in Section 11.1.1.

c. When you are finished, press the Start button. You should see updates every few seconds that describe
the current scan being executed, the number of hosts discovered, and the progress of the current scan.
Please note that progress estimates are crude and are still being developed. A “Completed” message box
will pop up when the action has finished. Click on the message to continue.

You can view the results of the Netview Scan action by scrolling down to the “System Log” panel on the
“Home” screen. Find and click on the latest link, which will be denoted by a filename with a date/timestamp
format: “S_yyyymmddhhmmss”. Alternatively, you can click on the Logs button from the top menu bar.

The “Netview Report” section contains summaries of the discovered hosts, including the IP address, MAC
address, and the manufacturer associated with the MAC address if that information can be determined. The
“Hostname” will be blank if a DNS lookup could not associate the host’s IP address to a name.

11.1.1 Netview Scan Configuration Options

The following options can be configured before running a Netview Scan:

Interface Selection

The “Interface” drop-down box allows you to tell the Ditto Forensic FieldStation which Ethernet connection
to use during the Netview Scan. You can choose either the Source or Destination Ethernet ports.

The selected interface will be used when the scan is started. This may create a heavy network traffic
load and, depending on the “Timing” setting in the “Discovery Options” subsection, may alert your IT
department that the network is under some sort of threat. Ensure that the selected interface is attached
to a controlled and isolated network.

IP Scan Range

By default, the last octet of the IP address of the selected interface will be scanned. You may change
this value and enter a list of IP addresses, a range of IP addresses, or a combination of both. Click the
“Reset” icon to reset the IP Scan Range back to its default value.

Examples:

1. Range: 10.10.10.0-255

Scans the addresses 10.10.10.0 through 10.10.10.255.

2. Range 2: 10.10.10-12.0-255

Scans addresses 10.10.10.0-255, 10.10.11.0-255, and 10.10.12.0-255.

3. List: 10.10.10.1

Will only scan IP address 10.10.10.1.

4. List 2: 10.10.10.2,10.10.10.3
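The range and list forms shown above can be expanded offline before a scan is started, to confirm how many addresses an entry covers and that none fall outside the isolated network. The following is an added example, not code from the manual or from CRU; the function names, the approved network 10.10.10.0/24, and the assumption that ranges and lists may be mixed with commas are all illustrative.

```python
import ipaddress
from itertools import product

def _octet_values(field):
    """Expand one octet field: '10' -> 10, '10-12' -> 10, 11, 12."""
    parts = field.split("-")
    if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"bad octet field {field!r}")
    lo, hi = int(parts[0]), int(parts[-1])
    if not (0 <= lo <= hi <= 255):
        raise ValueError(f"octet out of range or reversed in {field!r}")
    return range(lo, hi + 1)

def expand_scan_range(spec):
    """Expand comma-separated addresses and per-octet ranges into hosts.

    Assumption: a combined entry is written as comma-separated items,
    each of which may use 'a-b' in any octet, as in the manual's examples.
    """
    hosts = []
    for entry in spec.split(","):
        octets = entry.strip().split(".")
        if len(octets) != 4:
            raise ValueError(f"expected four octets in {entry!r}")
        for combo in product(*(_octet_values(o) for o in octets)):
            hosts.append(ipaddress.IPv4Address(".".join(map(str, combo))))
    return hosts

def out_of_scope(spec, allowed_cidr):
    """Return the addresses in spec that lie outside the approved network."""
    net = ipaddress.ip_network(allowed_cidr)
    return [h for h in expand_scan_range(spec) if h not in net]

if __name__ == "__main__":
    approved = "10.10.10.0/24"  # constructed: the isolated lab network
    for spec in ("10.10.10.0-255", "10.10.10-12.0-255",
                 "10.10.10.1", "10.10.10.2,10.10.10.3"):
        total = len(expand_scan_range(spec))
        stray = out_of_scope(spec, approved)
        print(f"{spec}: {total} addresses, {len(stray)} outside {approved}")
```

A non-zero "outside" count means the entry would probe addresses beyond the approved network and should be narrowed before pressing Start.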

STOP!