I agree that passive sniffing will give a good view of what is happening on the network. My argument is that if using two scanners (which I don't see anything wrong with the approach) then they should be configured comparably. That is, if one is scanning for all ports so should the other. Trying to limit one based on the results of the other is guaranteed to not give any new results and does not make any real comparison.
In my particular case we are getting MAC notify events from many of the switches, which serves as another data feed, and I am currently tying things together so that scans can be triggered (shortly after) a system connects to our network. In my opinion there is some synergy between these things that can be tapped to improve things overall.

Tim Doty

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula
Sent: Tuesday, September 02, 2008 9:07 AM
To: [email protected]
Subject: Re: Command line report export

Doty, Timothy T. wrote:
> I don't have a reason for the above to be the case, it is simply what I have
> observed. Consequently I run both nmap and nessus and compare the results of
> the two. It is the closest I can get to a view of what is really on the
> network.

I get this question from customers very often when they want to compare the results from Nessus and NMAP, or Nessus and some other vulnerability scanner. I usually ask them to start with how two scans with Nessus compare with each other before they start comparing other technologies. If they have inconsistencies here, it could be any number of reasons such as network performance, network volatility, performance of the scanner, etc.

Even if you like your active scans, adding in realtime passive monitoring gives you another view. Tenable has a lot of customers that use this blended approach to either not perform scans of super-sensitive devices, or to ease up on the amount of scans needed to be completed.

Regardless, performing a full 65k port scan with any scanner takes time and simply sniffing for what ports are open can tell you the ones that are in use.

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
