Network Detection and Interrogation Protocols

ARP is a network layer protocol designed to map an IP address to a physical device attached to the network and may be used to find the host's hardware address when only the IP address is known. As the ARP operates below the TCP it is not blocked by firewalls.

Default Protocols

ICMP is a TCP/IP network layer protocol that supports packets containing control, informational and error messages. We utilize the ICMP PING command which uses the ICMP echo functionality to query the network attached devices and determine the device type and/or Operating System from the TTL (Time To Live).

Although the ICMP is not assigned a port number, a number of firewalls will block PING requests by default. In some cases it may be necessary to exempt a range of IP addresses, or depending on the firewall enable PING support. Perhaps through a PING, Incoming PING or ICMP Echo Reply setting.

DNS allows device on a network to communicate via hostnames rather than IP addresses. Once the Discovery Agent has retrieved the IP address, it then runs a lookup to determine the name as reported by DNS.

SMB, called CIFS (Common Internet File System) is most commonly known as the Windows file-sharing protocol and is easily installed on non-Windows Operating System include Linux, Unix and Mac normally through Samba. Where SMB is enabled on the device it may be possible to retrieve details such as the host name, domain and Operating System version.

NetBios is used over TCP/IP or UDP to provide name services for Windows system, in addition to those non-Windows devices running SMB.

Apple's Bonjour is the most commonly used implementation of the mDNS protocol, also referred to as Zeroconf.

Its purpose is to allow devices to advertise themselves and their services on the local subnet, this is particularly useful in identifying not only Apple devices, but any other devices that support the mDNS protocol including printers and some Synology NAS

Please note, where multicasting is disabled on the network it will prevent mDNS from functioning.

Port scanning is useful for determining the services available on a device, that can help identify the device type.

Custom Protocols - Setup in the Configure Managed Network dialog

Configured on the All Devices view, the scan queries the network for SNMP enabled devices using the entered community string and returns the device name and description (where available).

Network Discovery currently supports SNMPv1

WMI is designed to remotely administer Windows devices and provides detailed scan information. Remote WMI is enabled by default where a device is joined to an Active Directory domain and can be remotely accessed by a Domain Administrator where the required ports are available through the firewall. On non Active Directory domains remote WMI is disabled by default.

Where configured the Telnet/SSH protocols are used to log in to a remote shell and execute simple command line scripts to determine the Operating System, version.

The primary difference between the two protocols is that SSH is encrypted with SSL, whilst Telnet is unencrypted.

Where the device serves a web configuration interface (Routers, Servers, Printers, NAS, etc) HTTP/HTTPS may be used to retrieve information from this webpage.

.