iQSonar ScanEngine can be use as IP discovery tool in your Estate and we will look on requirements and setup of the Project to scan an IP space for Devices.
Before we dive into the setup lets focus on what IP Discovery is/does and what it is not/does not do.
By IP Discovery we mean that given IP space (Single IP Address or Subnet or Range of IP's) will be scanned by iQSonar in order to find out, if an IP address does have an Device attached to it, secondly, if so what basic ports is this device listen to on.
As we can see there are two parts to IP Discovery.
1: ICMP Discovery:
ScanEngine will PING an given IP address and awaits an respond, if there is an Device capable to respond to PING ScanEngine will mark the IP in question as success and move to the second part of the IP Discovery.
2: TCP Discovery or PORT Scan.
Once we know that there is actual Device using the IP discovered in step 1, ScanEngine will scan Basic/Common PORT's in order to "guess" what type of the Device is it.
The Basic/Common PORT's we will scan by default are: 22,23,80,443,135,139,445,5985,5986,902, but this can be adjusted if needed to include any unusual Port's used in the Estate.
Based on the outcome of the Port scan we will "guess" what type of the Device it is and append an Suspected OS to it, if applicable or, if the certainty is high enough to guess the OS.
NOTE: As mentioned above we really guess the OS and that is due to fact that ScanEngine will NOT ATTEMPT to log in into the found Device.
How to set up an IP Discovery Project.
Prerequisites:
It's highly recommended to use one ScanEngine per 0.5 million IP's or /13 Subnet, per Location. This will speed up the Discovery process.
We recommend to disable Target logging as well, so the ScanEngine performance on Disk IO will be as minimal as possible. There will be nothing to report in the Targets logs anyway and therefore are not required for any troubleshooting purpose.