Better OS Detection with RPC Endpoint Mapping
Accurate operating system identification is a critical first step in any IT discovery process. With the latest release of JDisc Discovery, we introduce RPC Endpoint Mapping, a powerful new protocol feature that significantly improves early-stage OS detection.
Without knowing whether a device runs Windows, Linux, or another OS family, automated discovery can stall – especially when access credential selection depends on that information.
What’s new?
RPC Endpoint Mapping is part of Microsoft’s RPC infrastructure and listens on TCP port 135. While commonly associated with Windows, it is also exposed by Linux systems running SAMBA, making it a valuable cross-platform indicator. By querying the RPC Endpoint Mapper, JDisc Discovery can now identify Windows systems and Linux systems running Samba, classify them by operating system family, and assign the Domain Controller role when a device operates as a domain controller.
Why RPC Endpoint Mapping Matters
OS detection via NetBIOS and SMB anonymous protocols typically yields only the primary device MAC address and, in some cases, Windows domain membership information and OS family. HTTP/S can sometimes reveal the OS family. However, these protocols are limited when it comes to identifying the OS family. As a result, you may have faced this problem: JDisc Discovery does not get details for my computer. What can I do?
This is where RPC Endpoint Mapping comes into play, offering the following advantages:
- Credential-free device type and OS family detection for Windows and Linux computers (running SAMBA)
- Earlier and more reliable device type and OS family classification
- Improved selection of access credentials for downstream protocols such as WMI, SMB and SSH
Protocols such as WMI, SSH, and SMB typically depend on prior knowledge of the target system’s operating system family in order to authenticate correctly. By detecting OS family information early in the discovery process, RPC Endpoint Mapping serves as an enabler for downstream protocols providing numerous benefits, including:
- Faster discovery job runs
- Fewer failed login attempts
- Reduced manual configuration
- Higher accuracy in heterogeneous environments
To give you a bit of context, here are some figures collected from our lab environment. Out of 20 Windows computers running different Windows client and server operating systems:
- RPC Endpoint Mapping identifies 19 systems with their OS family
- NetBIOS anonymous detects 11 systems and retrieves their MAC addresses, but does not identify the OS family for any of them
- HTTP/S identifies 2 systems with their OS family
- SMB anonymous identifies 1 system with its OS family and retrieves MAC addresses for 2 systems
It seems that RPC Endpoint Mapping delivers the highest detection rate among the four credential-free protocols.
Seamless Integration
The feature is fully integrated into JDisc Discovery and works automatically within the existing discovery process. No additional configuration or credentials are required. If you’re curious about what RPC endpoints look like, you can view them in the Device Details report within the Discovery Log. The number of endpoints can vary significantly depending on the operating system, as well as the installed features and server roles.
Currently, JDisc Discovery extracts only the OS family and Domain Controller role from RPC endpoint data. Going forward, however, this information could provide deeper insights into a device’s features and security posture – for example, indicating whether services such as the Remote Registry are enabled. Let us know if you have further insights on this topic or ideas about additional benefits that could be implemented based on the endpoint information.
The RPC Endpoint Mapping protocol is enabled by default, so no additional configuration is required. Simply let JDisc Discovery take care of the rest. With RPC Endpoint Mapping, JDisc Discovery becomes even smarter at identifying systems early and reliably. It’s a small protocol addition with a significant impact on discovery quality – making discovery faster, more robust, and easier to operate.
I hope this new feature helps you streamline and accelerate your discovery process, delivering faster insights and more efficient, reliable results across your environment.
Cheers Thomas
