Target stops scanning at portdiscoverytcp command result

Owned by Mark Rispin
Last updated: Jun 24, 2020 by Daniel Stuart-KellyVersion comment

Problem

While port scanning an IP range, AS400 machines are only getting a short way into device discovery before stopping as seen here:

/Scan-192.0.2.17/[00015][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports) - Checking strategy 'TCP Open Ports' on context type=FoundDevice
/Scan-192.0.2.17/[00015][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports) - EXECUTING-STRATEGY:Executing strategy on iQuate.iQSonar.Schema.Model.FoundDevice (audit=Discovery@DD.2:PortDiscoveryTCP)
/Scan-192.0.2.17/[00015][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports) - Performance: 1495688599207ms 98.98652% 27333MB @+strategy:TCP Open Ports
/Scan-192.0.2.17/[00015][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports).P(TCP) - EXECUTING-COMMAND:Executing Command [portdiscoverytcp] using protocol TCP (audit=portdiscoverytcp)
/Scan-192.0.2.17/[00015][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports).P(TCP) - Performance: 1495688599207ms 0% 27333MB @+command:portdiscoverytcp
/Scan-192.0.2.17/[00016][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports).P(TCP) - Performance: 1495688600582ms 98.15347% 27357MB @-command:portdiscoverytcp
/Scan-192.0.2.17/[00016][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports).P(TCP) - COMMAND-RESULT: (audit=Result:System.String)
/Scan-192.0.2.17/[00016][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports).P(TCP) - EXECUTING-COMMAND:Executing Command [portdiscoverytcp] using protocol TCP (audit=portdiscoverytcp)
/Scan-192.0.2.17/[00016][192.0.2.17] <DeviceDiscovery> A(Device Discovery).S(TCP Open Ports).P(TCP) - Performance: 1495688600582ms 0% 27356MB @+command:portdiscoverytcp

After this entry the log stops updating. At this point there may also be high CPU utilization by a thread.


Solution

If you come across this situation please enable debug logging on the TCP connection as detailed here: Enable DEBUG for each connection and then rescan the IP assigned to the AS400 device. Open a ticket with iQuate support and attach the debug log generated.

This issue can also be avoided by excluding any IPs belonging to AS400 devices from the scan.

Related articles