www.softinventive.com

Technical White Paper

Terms

Administrator module (also main program, server module) — GUI application operated by the person performing the network inventory. It is installed either on a workstation or on a server and allows remote scanning of networked computers and other devices, viewing the collected information and building reports.

Agent — standalone Win32 executable that can be used to scan the local computer (when run manually) or remote computers (when run remotely by the administrator module or by a domain logon script).

Helper service — standalone Win32 executable that runs as a Windows service and helps the administrator module run the agent on remote computers.

TNI — abbreviation of "Total Network Inventory", the name and trademark of the described application.

1. Minimal system requirements for the administrator module

CPU: 1000 MHz.
Memory: 512 MB.
Disk space: 30 MB for installation plus 1-2 MB for each scanned computer.
Network: TCP/IP.
Operating system: Windows 2000 / Windows 2000 Server.

2. System requirements for scanned computers

This software implements two methods of connection to remote computers. Requirements and specifications for them are different.

Agent method
CPU: 500 MHz.
Memory: 64 MB.
Disk space: 2 MB.
TCP ports: 139, 445.
Services: Server, Windows Management Instrumentation, Remote Procedure Call, Remote Registry.
Resources: ipc$, admin$.
Protocols: SMB / NetBIOS / TCP/IP.
Operating system: Windows NT4 / 2000 / XP Pro / Vista / 2000 Server / 2003 Server / 2008 Server.

Agent-free method
CPU: 500 MHz.
Memory: 64 MB.
Disk space: 1 MB.
TCP ports: 135, random ports above 1024.
Services: Windows Management Instrumentation, Remote Procedure Call.
Resources: TCP ports 135 and above 1024.
Protocols: RPC / TCP/IP.
Operating system: Windows 95 / 98 / NT4 / 2000 / XP Pro / Vista / 2000 Server / 2003 Server / 2008 Server.
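The port requirements above are the first thing that decides which method will work against a given computer, and they are also the ports a defender may want to know are reachable from the scanning workstation. The following script is an added example, not part of TNI: it probes the fixed TCP ports listed in section 2 and reports which method each host can be scanned with. The random RPC ports above 1024 used by the agent-free method cannot be probed in advance, so only the fixed ports are checked; the host addresses are constructed placeholders.

```python
"""Pre-flight reachability check for the two TNI connection methods.

Added example (not TNI's code): turns the section 2 port requirements into a
check an administrator can run before a scan. Only fixed ports are probed; the
agent-free method's dynamic RPC ports above 1024 cannot be tested this way.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

# TCP ports each method needs on the scanned computer, as listed in section 2.
METHOD_PORTS = {
    "agent": (139, 445),
    "agent-free": (135,),
}


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_host(host, timeout=1.0):
    """Probe every fixed port from METHOD_PORTS and return the set that is open."""
    ports = sorted({p for plist in METHOD_PORTS.values() for p in plist})
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = list(pool.map(lambda p: (p, tcp_port_open(host, p, timeout)), ports))
    return {port for port, is_open in results if is_open}


def feasible_methods(open_ports):
    """Map a set of open ports to each method's list of missing fixed ports.

    An empty list means every fixed port that method needs is reachable.
    """
    report = {}
    for method, needed in METHOD_PORTS.items():
        report[method] = sorted(p for p in needed if p not in open_ports)
    return report


def summarize(host, open_ports):
    """One-line verdict for a host, naming the usable methods or the missing ports."""
    report = feasible_methods(open_ports)
    usable = [m for m, missing in report.items() if not missing]
    if usable:
        return f"{host}: can be scanned with {', '.join(usable)} method(s)"
    detail = "; ".join(f"{m} needs {missing}" for m, missing in report.items())
    return f"{host}: no method feasible ({detail})"


if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET); replace with the computers
    # to be inventoried. Unreachable hosts simply time out.
    for target in ["192.0.2.10", "192.0.2.11"]:
        print(summarize(target, probe_host(target, timeout=0.5)))
```

A host that shows only port 135 open can still be inventoried agent-free, provided the firewall also admits the RPC dynamic range; a host with neither 135 nor 139/445 reachable is a firewall or service problem rather than a TNI problem.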

3. Description of technology

With either method of connection, TNI uses Windows Management Instrumentation (WMI), Microsoft's implementation of Web-Based Enterprise Management (WBEM) for Windows operating systems. WBEM is a standard defined by the Distributed Management Task Force (DMTF); it represents a set of systems management technologies developed to unify the management of distributed computing environments. Using this technology, TNI retrieves hardware, software and registry information about the inventoried computers. The two connection methods are interchangeable: by default, if one of them fails, the program tries the other.

3.1. Agent method

When using this method of connection, TNI uploads two executables, the agent (tniaudit.exe) and the helper service (tniservice.exe), to the administrative share "admin$" on the remote computer, which points to the Windows directory. It then connects to the Service Control Manager of that computer, installs the helper service and starts it. The service, in turn, runs the agent locally. The agent scans the computer, gathers information about it and saves the result to an XML file, which can be compressed to save network traffic. Then both the agent and the service stop. The main module detects this event, moves the XML file into its database, uninstalls the service and, if allowed by the program settings, removes the executables.
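From the scanned computer's point of view the agent method leaves a recognisable trace: a binary appears in the Windows directory (the target of admin$), is registered with the Service Control Manager, runs briefly and is removed again. Windows records the registration in the System log as event 7045 ("A service was installed in the system"), so an administrator who sees these events during an inventory run should be able to tell the inventory tool apart from anything else that installs transient services. The script below is an added example, not TNI's code: it parses a constructed, simplified pipe-delimited export of such events, recognises the TNI helper service by the file name given in this section, flags other binaries installed directly from the Windows directory, and groups installations that hit many hosts within a short window, which is what a scheduled inventory run looks like. The service names, host names, the export format and the `updsvc.exe` / `svc_example.exe` binaries are constructed for the example; the white paper does not state the helper service's registered name.

```python
"""Review service installation events for the agent-method footprint.

Added example (not TNI's code). Input is a constructed, simplified export of
Windows System log events with fields time|host|event_id|service|image|account.
Event 7045 is the real "A service was installed in the system" event; the
service and host names here are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Binaries the white paper says TNI drops into admin$ (section 3.1).
KNOWN_INVENTORY_BINARIES = {"tniservice.exe", "tniaudit.exe"}
# admin$ points to the Windows directory; compared case-insensitively.
WINDOWS_DIR = "c:\\windows\\"

# Constructed sample export. The TNI service name "tniservice" is a placeholder.
SAMPLE_EVENTS = [
    "2009-04-03T15:00:01|WS-01|7045|tniservice|C:\\Windows\\tniservice.exe|LocalSystem",
    "2009-04-03T15:00:04|WS-02|7045|tniservice|C:\\Windows\\tniservice.exe|LocalSystem",
    "2009-04-03T15:00:09|WS-03|7045|tniservice|C:\\Windows\\tniservice.exe|LocalSystem",
    "2009-04-03T15:12:30|WS-07|7045|updsvc|C:\\Windows\\updsvc.exe|LocalSystem",
    "2009-04-03T15:20:00|WS-07|7045|svc_example|C:\\Windows\\System32\\svc_example.exe|LocalSystem",
    "2009-04-03T15:21:00|WS-07|7036|tniservice|C:\\Windows\\tniservice.exe|LocalSystem",
]


@dataclass
class ServiceEvent:
    when: datetime
    host: str
    event_id: int
    service_name: str
    image_path: str
    account: str


def parse_line(line: str) -> ServiceEvent:
    """Parse one constructed record: time|host|event_id|service|image_path|account."""
    when, host, event_id, service, image, account = [f.strip() for f in line.split("|")]
    return ServiceEvent(datetime.fromisoformat(when), host, int(event_id), service, image, account)


def _normalized_path(image_path: str) -> str:
    return image_path.strip().strip('"').lower()


def in_windows_dir(image_path: str) -> bool:
    """True if the binary sits directly in the Windows directory (where admin$ points).

    Binaries below subfolders such as System32 are not counted, since most
    regular services live there.
    """
    p = _normalized_path(image_path)
    if not p.startswith(WINDOWS_DIR):
        return False
    return "\\" not in p[len(WINDOWS_DIR):]


def classify(ev: ServiceEvent) -> str:
    """Verdict for one event: ignore / normal / inventory-agent / suspicious."""
    if ev.event_id != 7045:
        return "ignore"
    if not in_windows_dir(ev.image_path):
        return "normal"
    binary = _normalized_path(ev.image_path).rsplit("\\", 1)[-1]
    if binary in KNOWN_INVENTORY_BINARIES:
        return "inventory-agent"
    return "suspicious"


def review(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Classify every 7045 event; returns (host, service_name, verdict) tuples."""
    events = [parse_line(line) for line in lines]
    return [(ev.host, ev.service_name, classify(ev)) for ev in events if ev.event_id == 7045]


def sweeps(lines: List[str], window: timedelta = timedelta(minutes=10),
           min_hosts: int = 3) -> Dict[str, List[str]]:
    """Service names installed on at least min_hosts distinct hosts within `window`
    of the first sighting, i.e. a network-wide run such as a scheduled inventory."""
    by_name = defaultdict(list)
    for ev in map(parse_line, lines):
        if ev.event_id == 7045:
            by_name[ev.service_name].append(ev)
    result = {}
    for name, evs in by_name.items():
        evs.sort(key=lambda e: e.when)
        start = evs[0].when
        hosts = {e.host for e in evs if e.when - start <= window}
        if len(hosts) >= min_hosts:
            result[name] = sorted(hosts)
    return result


if __name__ == "__main__":
    for host, service, verdict in review(SAMPLE_EVENTS):
        print(f"{host:6} {service:12} {verdict}")
    print("sweeps:", sweeps(SAMPLE_EVENTS))
```

The allowlist is deliberately keyed on the file name the white paper documents rather than on the service name, because the paper does not give the latter; in a real deployment the check should be tightened to the hash of the tniservice.exe shipped with the installed TNI version.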

3.2. Agent-free method

When using this method of connection, TNI connects directly to the WMI service via the RPC protocol. All information is gathered remotely and no files are uploaded to the remote computers.

3.3. Manual method

The agent "tniaudit.exe" can be run manually on a standalone computer. It generates an XML file, which should be placed in the program's database folder and can then be added to the database with the main menu command "Tools – Refresh data storage folder". The agent can also be run from a domain logon script; the command-line switch "/scripted" performs a silent scan.

4. Scanning overhead

All scanning methods require processing power, so there is a slight drop in performance while a computer is being scanned; however, a scan usually takes only 1-2 minutes.

Online (or on-demand) scan methods also require network bandwidth. Below are example figures for scanning an average Windows XP computer. "Upload" means information sent to the scanned computer and "download" means information received from it. The figures include network protocol overhead:

Agent with compression: upload 0.9 MB, download 0.21 MB.
Agent without compression: upload 0.9 MB, download 1.67 MB.
Comment: two executables, under 0.5 MB in total, are uploaded to the computer. Optionally, they can be left on the computers and reused during further scans, which decreases upload traffic to below 100 KB.

Agent-free full inventory: upload 140.44 MB, download 10.97 MB.
Agent-free without installed software: upload 1.96 MB, download 6.41 MB.
Comment: the inventory of installed software is made by remotely querying the system registry via WMI. For some reason this generates a lot of traffic, and the more items of installed software are present on a computer, the bigger the traffic. This particular computer had about 300 items of installed software in the uninstall section of the registry. Testing of competing products shows that this is a common situation.

5. Potential risks

Out of many thousands of users and testers, only two or three people reported that their Windows XP computers (probably with SP2) were rebooted when using the agent-free method (the agent method always worked fine). Only one of these cases could be investigated further, and it turned out that simple WMI querying with a VB script also caused reboots, so it is obviously a rare vulnerability in the RPC protocol.

Page last modified 15:39, 3 Apr 2009 by Admin
