Features. Scans local networks as well as Internet.
IP Range, Random or file in any format. Exports results into many formats.
Extensible with many data fetchers. Provides command-line interface. Over downloads. Free and open-source. Works on Windows, Mac and Linux.
Installation not required Description Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has. It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies. It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.
The command I used to scan the subnet was: nmap -PR -oN nmap-arpscan.txt 192.168.0.0/16 This scanned the entire 192.168.0.0/16 network and logged the results to a text file called nmap-arpscan.txt for later review. Remote network MAC scanner Need to know the MAC addresses of devices connected to remote subnets? Run the MAC address discovery tool on a laptop that can plug into the remote subnet to search for MAC addresses on the network.
Introduction: Network subnet scan is used to discover IP addresses of devices in the network. The devices discovered this way are further probed using SNMP to fingerprint and classify/profile the devices.
Environment: Subnet Scan was introduced from CPPM 5.2 Configuration Steps: How to configure, Go to Configuration Profile Settings Add the Subnets to scan. Subnet scan interval can be configured under Administration Server Manager Server Configuration Cluster-Wide Parameters. Note: Subnets to scan are configured per CPPM Zone. This is particularly useful in deployments that are geographically distributed.
In such deployments, it is recommended that you assign the CPPM nodes in a cluster to multiple “Zones” (from Administration - Server Configuration - Manage Policy Manager Zones) depending on the geographical area served by that node, and enable Profile on atleast one node per zone. Answer: How Subnet scan works, After you configure the Subnet scan, ClearPass will try to ping the devices(available ip pool) in the subnet. The below screen capture confirms that ClearPass server(10.17.164.13) is trying to ping the devices in the subnet 10.17.169.0.
Once received ICMP response from the devices, ClearPass will send out a SNMP get-request to fetch the SNMP System Description and Device Name (OID//Fingerprint). Devices getting back with SNMP get-response will be profiled with the submitted details. The below packets capture will explain, how ClearPass profiled the Aruba Controller(10.17.169.10) via Subnet scan. SNMP get-request from ClearPass to Controller. SNMP get-response from Controller to ClearPass.
Profiled devices can be found under Monitoring Live monitoring Endpoint Profiler & Configuration Identity Endpoints. Notes: Configured subnets should be reachable by ClearPass. ClearPass uses default SNMP community string 'public' UDP port (SNMP) 161 should be allowed between ClearPass and the devices. If you see any devices get profiled with Device Category/OS Family/Name as Unknown, please collect the devices fingerprints from ClearPass and open up a TAC ticket to get the fingerprint added to the existing dictionary. Fingerprint can be collected from Endpoint click on the MAC address Show Fingerprint.
Anand Thank you for the great explanation. Seems like there is no ARP-only discovery. That is, if SNMP is not enabled on endpoints (I believe it is not by default), then the subnet scan will not find clients in the subnet and add their MAC address while the rest is unknown.
Is that correct? When I run the sbunet scan no new device is added to the endpoint db (and there are quite a lot). To verify that, I installed the SNMP service on a windows device on the specific subnet, with custom community, and added this SNMP profile to the list in CPPM. Still, no device was added to the endpoint DB. Am I missing something fundemental, or indeed the subnet scan is not so effective to find devices? Thank you Sagi. Hi Sagi, The SNMP based subnet scan is a generic scan, i will not be able to populate the endpoint if - 1: SNMP string is incorrect 2: Device does not responds to SNMP.
We hvae an option on 6.6.x to change the default SNMP string to a custom one, we can set it under Configuration - Profile Settings. However as mentioned above, this will only work for devices which respond to the SNMP poll from CPPM. If the user case is to update all static devices hosts terminating on a given switch, we just need to add SNMP details of that switch under Configuration - Network- Devices. CPPM would then try to update endpoints based on ARP table entries along with CDP/LLDP whichever the switch will support.
Regards, Quamruz.