Overview3
- Andy Trayler
In general, the amount of network traffic needed can be throttled and controlled.
With sufficient configuration and attention, the amount of network traffic generated for any one physical site within a customer network can be controlled so that slower network locations are inventoried less aggressively, requiring less network bandwidth, while core network segments are aggressively inventoried, decreasing the time taken to audit the bulk of the network.
The network utilization and bandwidth requirements of the Scan Engine depends on configuration of the services based on the requirements on any given customer site.
For an unmodified Scan Engine installation, bandwidth utilization of approximately 3Mb/sec can be expected. This value is subject to spikes and is not a flat utilisation of the network.
The above graph identifies the data flow from the Scan Engine with the X-Axis show timing in seconds and the Y-Axis showing with Network traffic in Bytes per 10 sec intervals (peak value of 50,000,00 bytes approximates to 50 MB). This diagram also identifies that the scanning operation is composed of spikes of network traffic and troughs of low band-width usage. This is typical of a scanning operation.
The speed at which an inventory runs is a function of network capability, speed of database server and scanning server configuration. The faster that the Scan Engine is configured to run, the more bandwidth is required.
Default Discovery Ports
Port |
Description |
21 |
FTP control (command) |
22 |
SSH used for secure logins file transfers (scp, sftp) and port forwarding |
23 |
Telnet protocol unencrypted text communications |
25 |
Simple Mail Transfer Protocol (SMTP) used for e-mail routing between mail servers |
80 |
Hypertext Transfer Protocol (HTTP) |
110 |
Post Office Protocol 3 (POP3) |
135 |
DCE endpoint resolution |
139 |
NetBIOS Session Service |
143 |
Internet Message Access Protocol (IMAP) used for retrieving, organizing and synchronizing e-mail messages |
443 |
Hypertext Transfer Protocol over TLS/SSL (HTTPS) |
445 |
Microsoft-DS SMB file sharing |
1520 |
Oracle database common alternative for listener |
1521 |
Oracle database default listener |
1522 1529 |
Oracle database common alternative for listener |
3389 |
Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT) |
7001 |
Default for BEA WebLogic Servers HTTP server though often changed during installation |
Default Inventory Ports
Port |
Function |
22 |
Secure Shell (SSH) used for secure logins file transfers (scp, sftp) and port forwarding |
23 |
Telnet protocol unencrypted text communications |
80 |
Hypertext Transfer Protocol (HTTP) |
135 |
DCE endpoint resolution |
139 |
NetBIOS Session Service |
443 |
Hypertext Transfer Protocol over TLS/SSL (HTTPS) |
445 |
Microsoft-DS SMB file sharing |
1520- 1529 |
Oracle database Listener |
1975 |
Custom Oracle Database Port |
2025 |
Sybase ASE default 2025 |
2809 |
corbaloc:iiop URL per the CORBA 3.0.3 specification |
3389 |
Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT) |
4100 |
Sybase ASE default 4100 |
5000 |
Sybase ASE default 5000 |
8880 |
cddbp-alt CD Database (CDDB) protocol (CDDBP) alternate |
9043 |
WebSphere Application Server Administration Console secure |
9060 |
WebSphere Application Server Administration Console |
9080 |
glrpc Groove Collaboration software GLRPC |
9088 |
Informix default port #2 |
9090 |
Openfire Administration Console |
9100 |
PDL Data Stream |
9402 |
WebSphere Port |
9443 |
WebSphere Port |
Key Terms, Links and Emails
Term |
Definition |
Clustering |
When there are multiple devices acting as one |
CMDB |
Configuration Management Database |
Discovery |
The Scan Engine attempts to find all devices or applications on a network (IP range, hostname, port, etc.) |
Discovery Source Feature |
A feature which allows users to restrict scans using database configuration |
Found Device |
Items (devices) found during a discovery scan |
IIS |
Internet Information Services |
Inventory Scan |
When the Scan Engine scans the items found during the discovery scan |
NETBIOS |
Network Basic Input/Output System is a program that allows applications on different computers to communicate within a local area network (LAN). |
SSH |
Secure Shell (SSH) is a network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. |
Support Email |
support@iquate.com |
Turnover |
Devices entering and leaving often on a network |
Virtualization |
A virtual version of a device running on a physical host |
This page was left intentionally blank.