This is for the UF Enterprise Security Class.

For all of the below categories, I’ve given you a short summary of what to do along with some resources to learn more.

How do I know what is on my network?

You may already have a network diagram, but it is important to ensure that the network diagram is correct.

If your network is on a specific subnet (e.g. 172.16.10.0/24), you can use a tool called nmap to discover hosts.

The following command does host discovery only (-sn, no port scan) and reports the hosts that answered. On a local Ethernet segment nmap uses ARP requests, which is the most reliable method. For remote subnets, run as root it sends each address an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; without root it falls back to TCP connects to ports 80 and 443. A host that filters all of those shows up as down, so treat "down" as "did not answer", not "does not exist".

sudo nmap -sn 172.16.10.0/24

Note that you should not run nmap on the UF network. UFIT will not be happy!
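As an added example (not part of the handout), here is a small POSIX shell script that runs the sweep, pulls the live hosts out of nmap's grepable (-oG) output, and compares them against the host list taken from your network diagram. The nmap output and the diagram list embedded in it are constructed samples; the live discover_hosts function assumes nmap is installed and that you are authorized to scan the range.

```shell
#!/bin/sh
# Added example (not from the handout): turn an nmap ping sweep into a host list and
# compare it against the hosts your network diagram says should be there.
# Assumes nmap is installed; the sample output and diagram list below are constructed.

# Hosts nmap reported as Up, one IP per line, from grepable (-oG) output on stdin.
# Grepable lines look like:  Host: 172.16.10.5 (printer.lab)  Status: Up
up_hosts_from_gnmap() {
  awk '/^Host: / && /Status: Up/ { print $2 }'
}

# Live sweep: -sn skips the port scan, "-oG -" writes grepable output to stdout.
# Do not point this at a network you are not authorized to scan.
discover_hosts() {
  sudo nmap -sn -oG - "$1" | up_hosts_from_gnmap
}

# Compare two host lists (files, one IP per line).
# "missing <ip>"    = on the diagram but did not answer (down, or filtering the probes)
# "unexpected <ip>" = answered but the diagram does not know about it
compare_to_diagram() {
  exp_sorted=$(mktemp); found_sorted=$(mktemp)
  LC_ALL=C sort -u "$1" > "$exp_sorted"
  LC_ALL=C sort -u "$2" > "$found_sorted"
  LC_ALL=C comm -23 "$exp_sorted" "$found_sorted" | sed 's/^/missing /'
  LC_ALL=C comm -13 "$exp_sorted" "$found_sorted" | sed 's/^/unexpected /'
  rm -f "$exp_sorted" "$found_sorted"
}

# Constructed sample of `nmap -sn -oG -` output for the handout's 172.16.10.0/24 example.
SAMPLE_GNMAP='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sn -oG - 172.16.10.0/24
Host: 172.16.10.1 ()  Status: Up
Host: 172.16.10.5 (printer.lab)  Status: Up
Host: 172.16.10.20 ()  Status: Up
# Nmap done at Mon Jan  1 00:00:03 2024 -- 256 IP addresses (3 hosts up) scanned in 2.91 seconds'

# Constructed: what the (possibly stale) network diagram says should exist.
SAMPLE_DIAGRAM='172.16.10.1
172.16.10.5
172.16.10.10'

# Runs the comparison on the constructed data and prints the discrepancies.
demo() {
  diagram_file=$(mktemp); found_file=$(mktemp)
  printf '%s\n' "$SAMPLE_DIAGRAM" > "$diagram_file"
  printf '%s\n' "$SAMPLE_GNMAP" | up_hosts_from_gnmap > "$found_file"
  compare_to_diagram "$diagram_file" "$found_file"
  rm -f "$diagram_file" "$found_file"
}

demo
```

Run it as-is to see the comparison on the sample data (172.16.10.10 is reported missing, 172.16.10.20 unexpected). For a real sweep, `discover_hosts 172.16.10.0/24 > found.txt` and then `compare_to_diagram diagram.txt found.txt`. The "unexpected" hosts are the ones worth chasing: that is how you find the thing somebody plugged in without telling anyone.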

Once you have all the hosts on the network, you can move on to identifying the software on those hosts.

Software Inventory

First, you want to discover what operating system you’re on.

What OS am I running?

Windows

Run systeminfo or winver

Linux

Run cat /etc/os-release (distribution and version), lsb_release -a (where it is installed), or uname -a (kernel version and architecture; it does not tell you the distribution)

How much RAM do I have?

Windows

systeminfo

Linux

free -h

How much Swap do I have?

Windows

systeminfo

Linux

free -h (the Swap line), or swapon --show to list the swap devices and files

How much Hard Disk space do I have?

Windows

Run Get-PSDrive -PSProvider FileSystem

Linux

Run df -hT

What are my network interfaces?

Windows

Run ipconfig (ipconfig /all also shows MAC addresses, DHCP and DNS settings)

Linux

Run ip a (ifconfig is the legacy net-tools command and may not be installed on newer systems)

What applications are running?

Windows

tasklist, or Task Manager

Linux

ps -efHw | less or ps aux

What services are running?

Windows

Get-Service | Where-Object {$_.Status -eq "Running"}

Or the Services app (services.msc)

Linux

Run systemctl status, which prints the whole unit tree (everything systemd manages, not just services).

For only the running services, use systemctl list-units --type=service --state=running
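The Linux answers above are a handful of one-liners; what you actually want is all of them in one dated file so that a later run can be diffed against it (a new listening socket or a new service is exactly the kind of drift an inventory should catch). The script below does that. It is an added example, not part of the handout; it assumes a Linux host, and any tool that is missing or fails is noted in the report rather than aborting it.

```shell
#!/bin/sh
# Added example (not from the handout): collect the Linux inventory answers into one
# dated snapshot file so a later run can be diffed against it. Assumes a Linux host;
# tools that are missing (or fail) are noted in the report instead of aborting it.

# Print a section header, then the command's output, or a note if the tool is absent or fails.
run_or_note() {
  label=$1; shift
  printf '== %s ==\n' "$label"
  if command -v "$1" >/dev/null 2>&1; then
    "$@" 2>&1 || printf '(%s exited with status %s)\n' "$1" "$?"
  else
    printf '(%s is not installed on this host)\n' "$1"
  fi
  printf '\n'
}

# Write the inventory to the file named in $1. Run as root if you want the process
# names of listening sockets that belong to other users.
collect_inventory() {
  {
    run_or_note "OS" cat /etc/os-release
    run_or_note "Kernel" uname -a
    run_or_note "Memory and swap" free -h
    run_or_note "Disks" df -hT
    run_or_note "Interfaces" ip -brief address
    run_or_note "Running services" systemctl list-units --type=service --state=running --no-pager --plain
    run_or_note "Listening sockets" ss -tulpn
  } > "$1"
}

# Show what changed between two snapshots (new services, new listeners, new interfaces).
inventory_diff() {
  diff -u "$1" "$2"
}

case "${1:-}" in
  snapshot) collect_inventory "inventory-$(uname -n)-$(date +%Y%m%d-%H%M%S).txt" ;;
  diff)     inventory_diff "$2" "$3" ;;
  *)        printf 'usage: %s snapshot | diff OLD NEW\n' "$0" ;;
esac
```

Take a snapshot when you build the host (`sh inventory.sh snapshot`), keep it somewhere the host cannot overwrite, and diff the current state against it whenever you audit (`sh inventory.sh diff inventory-host-old.txt inventory-host-new.txt`). Anything that appears in the Running services or Listening sockets sections without a change ticket behind it needs an explanation.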

How do I identify which services are important?

When you run nmap against a host, -sV probes each open port to fingerprint the service and its version, and -sC runs nmap's default NSE scripts against what it finds. Treat the result as a guess: it is based on banners and probe responses, which can be missing, truncated or deliberately changed, so it is often wrong for services on non-standard ports, and it says nothing about what the service is actually used for.

On Linux, ss -ntlp shows TCP sockets in the listening state with the port and the owning PID. Use sudo ss -tulpn to include UDP sockets and to see the process for sockets owned by other users (without root, the process column is blank for those).

Generally, the services we care about the most are the ones that are exposed to the network. This means whatever has a LISTENING port bound to something other than a loopback address; a socket bound only to 127.0.0.1 or ::1 can be reached from the host itself but not from the network, which is a much smaller problem.
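As an added example (not part of the handout), here is a POSIX shell parser that turns `ss -tulpn` output into one line per listener and flags which ones are actually reachable from the network, which is the distinction the paragraph above makes. The ss output embedded below is a constructed sample; the live exposed_listeners function assumes iproute2's ss and sudo are available.

```shell
#!/bin/sh
# Added example (not from the handout): parse `ss -tulpn` output into one line per
# listener and flag the ones reachable from the network. The sample output below is
# constructed; the live function assumes iproute2's ss is installed.

# Input: `ss -tulpn` output on stdin. Output per socket:
#   proto local-address port process pid exposure
# exposure is "loopback-only" for 127.0.0.1 / [::1] bindings, else "network-exposed".
listeners_from_ss() {
  awk 'NR > 1 {
    addr = $5
    n = split(addr, a, ":")
    port = a[n]
    host = substr(addr, 1, length(addr) - length(port) - 1)
    proc = "-"; pid = "-"
    # The Process column looks like users:(("sshd",pid=842,fd=3)). Without root it is
    # empty for sockets owned by other users, hence the "-" default.
    if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
      s = substr($0, RSTART, RLENGTH)
      sub(/^users:\(\("/, "", s)
      split(s, b, "\",pid=")
      proc = b[1]; pid = b[2]
    }
    exposure = (host == "127.0.0.1" || host == "[::1]") ? "loopback-only" : "network-exposed"
    print $1, host, port, proc, pid, exposure
  }'
}

# Live run: only the listeners that other hosts can reach.
exposed_listeners() {
  sudo ss -tulpn | listeners_from_ss | awk '$6 == "network-exposed"'
}

# Constructed sample of `ss -tulpn` output (the parser does not depend on column spacing).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*         users:(("dhclient",pid=612,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=842,fd=3))
tcp   LISTEN 0      511    127.0.0.1:3306    0.0.0.0:*         users:(("mariadbd",pid=1011,fd=21))
tcp   LISTEN 0      128    [::]:22           [::]:*            users:(("sshd",pid=842,fd=4))'

# Runs the parser over the constructed sample.
demo() {
  printf '%s\n' "$SAMPLE_SS" | listeners_from_ss
}

demo
```

On the sample, sshd (TCP 22 on both 0.0.0.0 and [::]) and dhclient (UDP 68) come out as network-exposed, while mariadbd on 127.0.0.1:3306 is loopback-only: it matters for local privilege escalation, but nobody on the network can talk to it directly. Note that the IPv4 and IPv6 sockets of one daemon appear as separate lines, which is why sshd shows up twice.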

For Windows, it can be a bit annoying to figure this out.

To make things easier, I wrote a short script. If you use it, try to explain to me how it works.

Older Windows (e.g. Server 2012; netstat exists on every Windows version, so this one also works on newer hosts)

# netstat -ano: all sockets, numeric addresses, owning PID. Keep only TCP sockets in
# the LISTENING state, and drop IPv6 lines ([::]:port) because splitting those on ':'
# would break; the newer script below handles IPv6.
netstat -ano | findstr LISTENING | findstr /V '\[' | ForEach-Object {
	# Trim the leading spaces, then split on runs of whitespace:
	# [0]=Proto [1]=Local Address [2]=Foreign Address [3]=State [4]=PID
	$parts = $_.Trim() -split '\s+'
	$localAddress, $localPort = $parts[1] -split ':'
	$myPID = $parts[4]
	# Resolve the PID to a process name. A process can exit between netstat and
	# Get-Process, so do not abort the whole loop on a missing PID.
	$process = (Get-Process -Id $myPID -ErrorAction SilentlyContinue).ProcessName
	"Address: $localAddress, Port: $localPort, PID: $myPID, Process: $process"
}

Newer Windows (anything with the NetTCPIP PowerShell module; Get-NetTCPConnection covers TCP only, use Get-NetUDPEndpoint for UDP)

# Get-NetTCPConnection lists IPv4 and IPv6 sockets; -State Listen keeps only the listeners.
Get-NetTCPConnection -State Listen | ForEach-Object {
	# LocalAddress tells you whether the socket is exposed: 0.0.0.0 or :: means every
	# interface, 127.0.0.1 or ::1 means loopback only.
	$address = $_.LocalAddress
	$port = $_.LocalPort
	$myPID = $_.OwningProcess
	$process = (Get-Process -Id $myPID -ErrorAction SilentlyContinue).ProcessName

	"Address: $address, Port: $port, PID: $myPID, Process: $process"
}