8 Replies Latest reply on Jan 12, 2018 8:44 AM by phoffmann

    Unmanaged Device Discovery Scan not displaying results

    Rookie

      Hello All,

       

      I am in the process of testing our new windows 10 image and I am running into a few problems.

       

      The first being that I cannot push the agent to the machine. When running the UDD scan for the IP used by the machine, the scanner claims to have found it. However nothing appears in the Find results or in any other category. Has anyone else seen this issue?

       

      I am running version 10.1.10.287

       

      udd.PNG

        • 1. Re: Unmanaged Device Discovery Scan not displaying results
          phoffmann SupportEmployee

          Have you enabled the relevant subnet on the Core side?

           

          See this article -- Configuring and Installing Extended Device Discovery (XDD) Best Known Method .

           

          Check especially the section about "Understanding XDD IP address filtering".

           

          Check if that applies?

          • 2. Re: Unmanaged Device Discovery Scan not displaying results
            Rookie

            Thanks for the response! Unfortunately the Core and the Client are on the same Subnet so I don't believe that IP filtering is the issue.

            • 3. Re: Unmanaged Device Discovery Scan not displaying results
              phoffmann SupportEmployee

              Oh wait - that's UDD as well, not XDD.

               

              Hrmm - what options are you using on the UDD scan? Can you include a screenshot of that (don't need to see the IP's - just curious of what checkboxes you're hitting up).

              • 4. Re: Unmanaged Device Discovery Scan not displaying results
                phoffmann SupportEmployee

                Also, since UDD is basically running NMAP, you could run the NMAP from the Core via command line & see what that gives you.

                 

                Here's a few starting points:

                 

                 

                official nmap submittal scan:

                   nmap -O -sSU -F -T4 -d <target(s)>

                 

                A dev's recommended bug submittal scan:

                   nmap -O -sSU -F -T4 -d -v -PN {target IP addresses} -oX {output.xml filename} > {output.txt}

                 

                key things to look for:

                    * open AND closed TCP ports (at least one of each) for each machine

                    * ports that are open (or closed) for ALL machines; can indicate a router falsifying data

                    * "osclass" and "osmatch" sections in XML output

                 

                common command line options:

                    -PN    don't do ICMP ping; use ARP to discover if there's a machine to scan

                    -sS      TCP/SYN scan (standard method of "surprising" a TCP/IP stack to get reaction)

                    -sU     UDP scan (scan for open UDP ports, too; can help resolve OS, but less useful than TCP scan)

                    -sV     Version scan (try to determine service running on "open" ports)

                    -O      OS scan (report a guess about which OS is responding)

                    -F       only use frequenly open ports (faster than scanning all ports)

                    -T4     timing (5=insane, 4=LAN/aggressive, 3=normal, 2=WAN/polite, 1=stealth, 0=paranoid)

                    -v       verbose output; can use multiple times

                    -d       debug output; more technical information about process

                    -oX     output results to XML file

                    -oA    all forms of output (.xml, .nmap, .gnmap)

                 

                Note that it *IS* possible to harden a box so much that none of this stuff will get much of a response (a constant battle we're fighting with device discovery, as "discoverable devices" are a security risk as well now). But you may get more out of this as a starting point .

                • 5. Re: Unmanaged Device Discovery Scan not displaying results
                  Rookie

                  Here are the settings for the scan. The IP range is just the IP of the machine.

                   

                  settings.PNG

                  • 6. Re: Unmanaged Device Discovery Scan not displaying results
                    phoffmann SupportEmployee

                    Yep - OK - that makes sense.

                     

                    See what the NMAP command-line has to say for itself ... that may be interesting / enlightening.

                     

                    As an alternative (if you can have access to the device) ... turn the firewall off on it, and see if that helps (it's a brute force "yes/no" type check).

                     

                    OTHERWISE ... the main reason why a device wouldn't get picked up during a UDD scan is because it exists in the console already ... you may want to check for devices that have a deviceID of "Unassigned" (we check against a known MAC-address).

                     

                    Alternatively, have a peek at your COMPUTER table (if you're comfortable with SQL?) with a SQL query like this for instance.

                    select * from COMPUTER where DEVICEID = 'Unassigned'
                    

                     

                    or something like

                    select * from COMPUTER where DEVICEID != '{%'
                    
                    • 7. Re: Unmanaged Device Discovery Scan not displaying results
                      Rookie

                      Wow I'm a fool. It was hidden in my inventory under a crazy name. I removed it and then it appeared in the scans.

                      Thanks for all your help!

                      • 8. Re: Unmanaged Device Discovery Scan not displaying results
                        phoffmann SupportEmployee

                        Heh - no worries. Happy to hear it was something straightforward!