...
As we can see there are two parts to IP Discovery.
1: ICMP Discovery:
ScanEngine will PING an a given IP address and awaits an respond, if there is an Device capable to respond to PING ScanEngine will mark the IP in question as success and move to the second part of the IP Discovery.
...
Based on the outcome of the Port scan we will "guess" what type of the Device it is and append an Suspected OS to it, if applicable or, if the certainty is high enough to guess the OS.
NOTE: As mentioned above we really guess the OS and that is due to fact that ScanEngine will NOT ATTEMPT to log in into the found Device.
How to set up an IP Discovery Project.
...
It's highly recommended to use one ScanEngine per 0.5 million IP's or /13 Subnet, per Location. This will speed up the Discovery process.
We recommend to disable Target logging as well, so the ScanEngine performance on Disk IO will be as minimal as possible. There will be nothing to report in the Targets logs anyway and therefore are not required for any troubleshooting purpose.
Target logging disable:
...
2: In the Config navigate to part where appender-ref part is as shown bellow and comment out the part for <appender-ref ref="TargetFileAppender"/> shown in green.
NOTE: This is ordinary XML file format and there for XML stile is required.
</appender>
<root>
<level value="FATAL"/>
<!--<appender-ref ref="TargetFileAppender"/>-->
<appender-ref ref="LogFileAppender"/>
<appender-ref ref="ConsoleAppender"/>
<appender-ref ref="TraceAppender"/>
<appender-ref ref="ContextAppender"/>
<appender-ref ref="EventLogAppender"/>
</root>
...
.
4: Target log creation is disabled now.
Let's now focus on how to create and set up the Location with all necessary Connections and Product Adapters for IP Discovery only.
...
- Lets add an Subnet we would like to scan, create a Sub-Location (One Location per ScanEngine Adjust the Server Settings accordingly to set appropriated ScanEngine for the Location) Details page can be left as is, Scan Window can be setup if needed. Target sets, click on Create
Choose Target as Device
Type as Subnet
Name is mandatory: We will use IPSubnet24 in this example.
Start IP will be Subnet first IP: 192.168.1.0 NOTE: https://kthx.at/subnetmask/ List of Subnets with all details
Subnet Mask Bits: 24
Click on Save & Close
...
2. Connections setup.
For IP Discovery we need to disable all Connections and Enable only ICMP Provider and TCP Provider and save the changes.
3. Product Adapters set up.
Once again we disable all adapters and enable only Device Discovery, save changes.
4. Locations are set up now, we wont be adding any Credentials as we don't need these. Now we can set up an Project as usually and start our IP Discovery scan.
Make sure that ALL Product Adapters are disable and only DEVICE DISCOVERY is enabled. Finish the Project setup and now we can run our IP Discovery for 192.168.1.0 /24 Subnet IP space.
Results diagnostics:
- Project Summary page will show how many Targets we setup to scan and how many Devices scan did find.
- Diagnostics page will show more details about each found device as shown bellow
3. Getting the results from the iQSonarSE DB.
To get the list of Found Devices run the SQL query against the iQSonarSE DB. The query will give us list which can be saved as CSV with Headers.
SELECT j.JobID, j.IPAddress, j.StartDate AS [Scan Start],j.EndDate AS [Scan Ends], fd.SuspectedOS FROM jobs.t_job j
join history.t_ArtifactHistory ah ON ah.JobID = j.JobID
join model.t_FoundDevice fd ON fd.FoundDeviceID = ah.ObjectID
WHERE ObjectType = 'FoundDevice'
and DeviceID is null