Network Detection and Interrogation Protocols

Because of the wide variety of devices connected to the network, the Discovery Agent employs a number of active and passive technologies both to detect the attached devices and to retrieve any available information. Using multiple technologies increases the chance of returning details from the networked devices: where one method fails, a subsequent method may succeed.

Depending on the protocol, it may be necessary to enable the technology on the device and/or allow communication through the protocol's port so that the Discovery Agent can retrieve information using this method.

The tables below provide details of the protocols in use and the associated ports used for communication (where required).




Active Detection

ARP (Address Resolution Protocol)


ARP is a network layer protocol designed to map an IP address to a physical device attached to the network, and may be used to find a host's hardware address when only the IP address is known. Because ARP operates below TCP, it is not blocked by firewalls.

Active Interrogation

Default Protocols

ICMP (Internet Control Message Protocol)


ICMP is a TCP/IP network layer protocol that supports packets containing control, informational and error messages. We utilize the ICMP PING command which uses the ICMP echo functionality to query the network attached devices and determine the device type and/or Operating System from the TTL (Time To Live).

Although ICMP is not assigned a port number, a number of firewalls block PING requests by default. In some cases it may be necessary to exempt a range of IP addresses or, depending on the firewall, enable PING support, perhaps through a PING, Incoming PING or ICMP Echo Reply setting.
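The TTL-based inference described above can be sketched as follows. This is an added example, not the Discovery Agent's own code: the initial TTL values (64, 128, 255) and the OS families mapped to them are common defaults assumed here, and the ping output is constructed sample data.

```python
import re

# Common initial TTL values and the OS families that typically use them
# (general convention, assumed here; not taken from the Discovery Agent).
INITIAL_TTLS = {
    64: "Linux/Unix/macOS",
    128: "Windows",
    255: "network device (router/switch/printer)",
}

# Matches "ttl=57" (Linux/macOS ping) and "TTL=121" (Windows ping).
REPLY_RE = re.compile(
    r"from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?\bttl=(?P<ttl>\d+)",
    re.IGNORECASE,
)

def guess_from_ttl(ttl):
    """Return (initial_ttl, hops, family) for an observed TTL, or None."""
    if not 1 <= ttl <= 255:
        return None
    # Each router decrements TTL by one, so the sender's initial value is
    # the smallest common initial TTL that is >= the observed value.
    initial = min(t for t in INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl, INITIAL_TTLS[initial]

def classify_ping_output(text):
    """Map each replying IP in ping output to its TTL-based guess."""
    results = {}
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue  # timeouts, headers and statistics carry no TTL
        guess = guess_from_ttl(int(m.group("ttl")))
        if guess:
            results[m.group("ip")] = guess
    return results

# Constructed sample output (documentation address ranges), not real captures.
SAMPLE = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=0.41 ms
Reply from 192.0.2.20: bytes=32 time<1ms TTL=128
Reply from 198.51.100.7: bytes=32 time=12ms TTL=121
64 bytes from 192.0.2.1: icmp_seq=1 ttl=254 time=0.90 ms
Request timed out.
"""

if __name__ == "__main__":
    for ip, (initial, hops, family) in classify_ping_output(SAMPLE).items():
        print(f"{ip}: {family} (initial TTL {initial}, {hops} hop(s) away)")
```

Initial TTL is a configurable default, so the result is a hint to corroborate with the other interrogation methods rather than a definitive identification.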

DNS (Domain Name Service)

UDP 53

DNS allows devices on a network to communicate via hostnames rather than IP addresses. Once the Discovery Agent has retrieved the IP address, it runs a lookup to determine the name as reported by DNS.

SMB (Server Message Block)

TCP 445

SMB, also called CIFS (Common Internet File System), is most commonly known as the Windows file-sharing protocol and is easily installed on non-Windows Operating Systems including Linux, Unix and Mac, normally through Samba. Where SMB is enabled on the device it may be possible to retrieve details such as the host name, domain and Operating System version.


UDP 137 & 138

NetBIOS is used over TCP/IP or UDP to provide name services for Windows systems, in addition to those non-Windows devices running SMB.

mDNS/Bonjour - (multicastDNS)

UDP 5353

Multicast IPv4 address:

Apple's Bonjour is the most commonly used implementation of the mDNS protocol, also referred to as Zeroconf.

Its purpose is to allow devices to advertise themselves and their services on the local subnet. This is particularly useful in identifying not only Apple devices, but any other devices that support the mDNS protocol, including printers and some Synology NAS.

Please note, where multicasting is disabled on the network it will prevent mDNS from functioning.

TCP Port Scanning


Port scanning is useful for determining the services available on a device, which can help identify the device type.

Custom Protocols - Setup in the Configure Managed Network dialog

SNMP (Simple Network Management Protocol)

UDP 161

Configured on the Dashboard, the scan queries the network for SNMP enabled devices using the entered community string and returns the device name and description (where available).

Network Discovery currently supports SNMPv1.

WMI (Windows Management Instrumentation)

TCP 135

TCP 1024-65535 Windows 2003

TCP 49152-65535 2008

WMI is designed to remotely administer Windows devices and provides detailed scan information. Remote WMI is enabled by default where a device is joined to an Active Directory domain and can be remotely accessed by a Domain Administrator where the required ports are available through the firewall. On non-Active Directory domains remote WMI is disabled by default.

Telnet/SSH (Secure Shell)

TCP 23


Where configured, the Telnet/SSH protocols are used to log in to a remote shell and execute simple command line scripts to determine the Operating System and version.

The primary difference between the two protocols is that SSH is encrypted with SSL, whilst Telnet is unencrypted.

HTTP/HTTPS (Hypertext Transport Protocol)

TCP 80/443

Where the device serves a web configuration interface (Routers, Servers, Printers, NAS, etc.), HTTP/HTTPS may be used to retrieve information from this webpage.