2 Replies Latest reply on Mar 4, 2009 9:10 AM by Craig Norborg

    What is the logic behind "scanning"?

    Craig Norborg

      I'm a bit curious about the logic or intended behavior of the scanning system.  Out of the box I did a scan of a /22 subnet and it looked like it worked fine, discovered about four hundred devices.  I then noticed that you could set SNMP communities, so I put in 3 more SNMP communities, one for our network devices, one for our servers, and then I put in "private" in addition to leaving "public".  I thought that would be an easy way to identify machines that still had private/public, since it's against our rules.

      I then redid the scan to see what effect it had and the only thing I could see happening is that it picked up some info via the System MIB it appeared, but then it dropped about half the IPs into a "transient" state.   This is a server subnet, so I know the devices are still there, but they don't show up and I've tried rescanning several times...

      I would say more than half the devices in the "Active" classification didn't respond to SNMP, I'm pretty sure our server guys are locking SNMP down to mainly their monitoring station.  All of the devices in the "transient" section don't appear to have responded to SNMP.

      So, the question is, why did that many devices get reclassified as Transient?   Is there a limit to the # of SNMP communities you can use?  I would think this would work like a normal SNMP scan in the Engineers toolkit for which there isn't really a limit.   And why are they considered Transient?  Not responding to a ping or something?  Is this behavior adjustable at all?

      I guess I'd love to have more transparency in how it works...

        • Re: What is the logic behind "scanning"?
          bshopp

          Great question.

          The behavior you are describing is odd, so we are looking into it to see if we can reproduce what you are experiencing.  

          The IP should not go into a Transient state if it responds to ping, but not SNMP.  It should only go into a Transient state when it was responding to one of those methods and is no longer responding, indicating the IP may now potentially be open.  By default we set Transient state at 7 days (which you can change), after which if we get no response for that time period, we return that IP back to Available.  Hopefully that explanation makes sense?

          I will let you know what we find on our side and if a defect, one will be filed.

            • Re: What is the logic behind "scanning"?
              Craig Norborg

              Ok, let me know if you want me to do anything, I was thinking of removing the SNMP communities and scanning again, but haven't so far.

               

              Or if there is any logging we can turn on to track the logic somehow, let me know...  I'd really like this ability in an end-product BTW.  The ability to turn on debugging and log things is always a good thing!!
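
The state logic bshopp describes, with a reason recorded per scan in the way the last post asks for, as an added sketch that is not the product's code and not part of the thread. The function and class names, measuring the 7-day period from the last response, and the sample address and scan results are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

AVAILABLE, ACTIVE, TRANSIENT = "Available", "Active", "Transient"
TRANSIENT_PERIOD = timedelta(days=7)  # default quoted in the reply; adjustable


@dataclass
class IPRecord:
    address: str
    state: str = AVAILABLE
    last_response: Optional[datetime] = None  # last time ping or SNMP answered


def apply_scan(rec, now, ping_ok, snmp_ok):
    """Update rec from one scan result; return the reason for the resulting state."""
    if ping_ok or snmp_ok:
        # One answering method is enough: a host with SNMP locked down
        # that still answers ping must stay Active.
        rec.state, rec.last_response = ACTIVE, now
        methods = [m for m, ok in (("ping", ping_ok), ("snmp", snmp_ok)) if ok]
        return "responded via " + "+".join(methods)
    if rec.last_response is None:
        rec.state = AVAILABLE
        return "no response on record"
    # Assumption: the period is counted from the last response seen.
    if now - rec.last_response >= TRANSIENT_PERIOD:
        rec.state, rec.last_response = AVAILABLE, None
        return "silent for the whole transient period, released"
    rec.state = TRANSIENT
    return "was responding, now silent"


def replay(address, scans):
    """Feed (time, ping_ok, snmp_ok) tuples through the model; return (state, reason) per scan."""
    rec, trail = IPRecord(address), []
    for now, ping_ok, snmp_ok in scans:
        reason = apply_scan(rec, now, ping_ok, snmp_ok)
        trail.append((rec.state, reason))
    return trail


if __name__ == "__main__":
    t0 = datetime(2009, 3, 1)  # constructed scan history for a documentation address
    scans = [(t0, True, True), (t0 + timedelta(days=1), True, False),
             (t0 + timedelta(days=5), False, False), (t0 + timedelta(days=9), False, False)]
    for state, reason in replay("192.0.2.10", scans):
        print(state, "-", reason)
```
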