I started with a basic ping scan of the network, but abandoned this after watching the application trudge through the network. The few machines it scanned showed several services running, which I verified. NetRAT is slow because it does more than tap the port (open and close the connection); it opens a connection and queries the service to determine if the port and service match.
Discovery via Windows workgroups/domains was much quicker and yielded the in-depth information I had anticipated. NetRAT displayed every domain and workgroup on the network and caught one I hadn't realized existed. By logging into individual systems as a user with administrative rights, I could examine accounts and system information, including rights, groups and auditing data.
click to enlarge
NetRAT's SNMP discovery handles v1 and v2 equally well, and its SNMP scan is much faster than its ping and port scans. Detailed information is returned via SNMP discovery for devices as well as machines. I pulled detailed information from our Cisco routers and switches, IP and interface statistics, and general system information. NetRAT says it plans to support Unix and Novell next.