Under Review

Scanning for activity of IPv6 and NetBIOS

Hi,

I am looking for a way to have a query to detect all activity of NetBIOS and IPv6. These two ports need to be disabled on all network devices so I am looking for a query I can run on a monthly basis to confirm these ports are disabled.

From my understanding there are two places that these ports can be disabled. In the control panel as well as the registry. 

Has anyone ever built a query for these? Any help would be appreciated!

Thanks.

  • The existing Live Discover query "Display registry section" can be used to find out if IPV6 is enabled or disabled. The value to use when the query runs is as follows.
    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

    You can use the following key name to search for the NetBIOS option.
    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\%\NetbiosOptions

    To find out if any recent IPV6 network activity has occurred, you can use the existing Live Discover Query "IP address activity". By using the first few octets of an IPV6 address followed by a wildcard "2604:3d08:%" you can expand your query to all devices on your network.