Target a certain network card for Rule executions using mgsipscan

Your beacon has rules (such as VMware rules) that execute using the mgsipscan executable; however, there is no way in the GUI to set which network card you want the IP scan tool to use. Usually it can work this out without the option being set, but if you have 2 IPs that are the same coming from 2 network cards on your beacon, you may need to force which card mgsipscan inspects. Fortunately, this can be set using the following process:

 

On your beacon, open up an admin cmd terminal and navigate to the following location:

 1.png

Input: mgsipscan.exe --iflist and make a note of the network adapter you wish to target; in my case it's eth4


 

Now do a test against this card with an IP address. In my case I used a client machine for the test.

Input: mgsipscan.exe -e eth4 10.20.157.69

(Change IP and network card name as required)


 

Once we have confirmed the target is accessible, we can put this into the registry. Make a string under:

hklm\software\wow6432node\managesoft corp\managesoft\discovery\currentversion

string: defaultpingsweepoptions

value: -e eth4


Navigate to your beacon UI and start off the IP scan rule.


Wait 5 min or so for the rule to complete, then navigate to the path listed below and choose the latest folder in this location. Sorting by modified date is useful.

6.png

Open up the discovery.log in a notepad viewer


You should now see the IP argument targeting your chosen network card as we entered in the registry


It is worth noting that mgsipscan.exe is a Flexera-branded version of Nmap (https://nmap.org/), so in theory, while I have not tested this, you could feed it other Nmap arguments, although your mileage may vary as this is unsupported by the Flexera product.

That said, here is a useful list of commands that could come in handy for this:

https://nmap.org/book/man-briefoptions.html

https://highon.coffee/blog/nmap-cheat-sheet/
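
One way to script the registry step above and then confirm the value holds nothing beyond the interface option, as an added PowerShell example that is not part of the original article or Flexera's tooling. The key path, value name and eth4 come from the article; the function names and the allow-list pattern for interface names are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: set and audit DefaultPingSweepOptions on a beacon.
# Key path and value name are the ones given in the article.
$KeyPath   = 'HKLM:\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\Discovery\CurrentVersion'
$ValueName = 'DefaultPingSweepOptions'

# Assumption: accept exactly "-e <interface>", with <interface> shaped like the
# names printed by "mgsipscan.exe --iflist" (eth4, lo0, ...). Anything else is rejected.
$Allowed = '^-e [A-Za-z][A-Za-z0-9]{0,15}$'

function Test-PingSweepOptions {
    param([AllowNull()][string]$Options)
    return ($Options -cmatch $Allowed)
}

function Set-PingSweepInterface {
    param([Parameter(Mandatory)][string]$Interface)
    $options = "-e $Interface"
    if (-not (Test-PingSweepOptions $options)) {
        throw "Refusing to write unexpected options: '$options'"
    }
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Key not found (is this a beacon?): $KeyPath"
    }
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $options `
        -PropertyType String -Force | Out-Null
}

function Get-PingSweepAudit {
    # Read the value back; a missing value is reported, not treated as an error.
    $item    = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$ValueName } else { $null }
    [pscustomobject]@{
        IsSet    = [bool]$item
        Value    = $current
        # True when the value is absent or is only "-e <interface>".
        Expected = (-not $item) -or (Test-PingSweepOptions $current)
        # Allow rules on the key, so you can review who is able to change the value.
        AllowAcl = (Get-Acl -LiteralPath $KeyPath).Access |
                   Where-Object { $_.AccessControlType -eq 'Allow' } |
                   ForEach-Object { "$($_.IdentityReference) : $($_.RegistryRights)" }
    }
}

Set-PingSweepInterface -Interface 'eth4'   # interface name used in the article
Get-PingSweepAudit | Format-List
```

Because the string is handed to the scanner as command-line arguments, an Expected result of False means the value contains more than the interface option and should be reviewed before the next rule run.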

Last update: Jun 30, 2020 09:38 AM