Netstaldi: A Modular Distributed Architecture for Incremental Network Discovery

Foresti G. L.; Miculan M.
2024-01-01

Abstract

Maintaining a comprehensive understanding of a network's connected devices is fundamental for robust security. This knowledge is crucial for tasks like vulnerability assessments, identifying potential attack surfaces, and network mapping. In this paper, we propose Netstaldi, a distributed architecture specifically designed for incremental and secure network discovery. Our architecture leverages non-intrusive network scanning techniques based on standard TCP/IP protocols, eliminating the need for monitoring agents on individual devices. This approach prioritizes scalability, modularity, and resilience, making it well-suited to handle large and dynamic network environments. We have implemented a prototype system based on this architecture, utilizing established open source tools. This system has been successfully tested on a large, real-world network. The results are promising: the tool efficiently scans the entire network within a few hours, and the intuitive GUI allows administrators to interactively explore the generated network map to identify and address potential vulnerabilities and misconfigurations.

Files in this item:

paper37.pdf
Open access
Type: Publisher's version (PDF)
License: Creative Commons
Size: 1.72 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11390/1283225