Network Discovery for Server Inventory

Hello all,

I have not really posted on THWACK before but am having trouble completing a task that was assigned to my by management.  We want to run a regularly scheduled scan to identify all windows and linux servers on our network and use this for inventory purposes.

I know I can perform a network discovery and find MANY devices on my network.  I have an Active Directory service account with enough access to utilize WMI to discover/identify windows servers with no issues.  My problem is that we have Linux servers on our network that all have different credentials and are not configured (yet) for SNMP.  When I run a discovery it identifies these systems as IP Addresses (if no DNS entry had been assigned to them) and as ICMP only, along with many other devices.  

How am I able to be sure I am identifying only SERVERS and not network devices, VIPs, cluster IPs, etc?  Once we identify the IPs that we know there is a server OS associated with then I can work to whittle down the list by getting the application owner to install SNMP, etc.

Any assistance would be greatly appreciated.


  • Without access to the device in some way you can't tell that you are only hitting servers. Our internal standards have use placing certain things in certain parts of the network. Network gear for routing and switching goes in a specific range of each subnet. Servers, VIPs, virtualization hosts, storage gear, etc they all have specific locations on the network, so I know that if I want a server, not to look at my phone system subnet.

    Pinging something shouldn't hurt it, and if it does you likely need to protect it behind a firewall or something. You likely care because of node licensing? I am also going to assume you don't have a CMDB that you can trust for a list to start off of. I understand how it can be.

    When I started with Orion, I absolutely did large sweeps of IP ranges. I absolutely got back nodes with no DNS, no access granted to them, and all I did was ping an IP. if you need to bring in only servers, for whatever reason (license, political, project scope, etc.) then make sure that you are reviewing the discovery results manually. Let it find 'stuff' and add only what you know you want. Personally, I would take everything else and add it to a spreadsheet for follow up. Somebody where you work should care about all the things. And it may just be you need to figure it out.

    But yes, if you don't have access, then you have to figure it out the hard way. Now most places will require that servers are registered to DNS. I would nslookup the ips. Hopefully you even have a naming format that will clue you in on what that server is. Check ports that are open, maybe get traffic stats from switches. If you think there is a linux box there, is there a website on port 80 or 443, can you SSH into it at port 22. Its absolutely detective work, but if nobody ever tracked this stuff, you will be doing a very important task figuring it out.