Network devices discovery

Unlike regular network scans which detect TCP ports, network device discoveries detect open UDP ports. The SNMP port (161) in particular is commonly used.

On a network that blocks ICMP packets, each port may take a significant amount of time to scan.

Creating a network devices discovery

  1. Go to the Discoveries menu and click Add.
  2. In the Network ranges section, choose Network devices.
  3. Give the discovery a name.
  4. Select as Source the node that will perform the scan.
  5. Enter the target as a CIDR range (e.g. 192.168.1.1/24), IP address or domain name. Multiple targets can be specified by separating them with a space. For the full list of supported syntaxes, see Nmap’s documentation.
  6. (Optional) Define the ports targeted by the scan. If no port is specified, Cyberwatch will scan port 161 (SNMP).
  7. Define a recurrence. The default value of 0 days will cause the scan to run only once.
  8. Confirm.

Registering discovered assets

Discovered network devices can be scanned via SNMP as agentless connections. Automatic registration can be configured from the discovery edition form, provided that the credentials are always the same.

If different credentials need to be specified on a case-by-case basis, it is also possible to register them from the list of discovered assets or directly from menu Assets management > Agentless connections.

Hybrid TCP/UDP scan

If it is desirable to detect open TCP ports in addition to UDP ports, TCP ports can be prefixed with T: and UDP ports with U:. For example, T:22,U:161 will detect devices listening for SSH in addition to those listening for SNMP.

This syntax is also supported by Network scan discoveries.

Back to top