Configure Port Discovery
Using the HD census of active IP devices, Asset Manager conducts a benign port scan that opens and gracefully closes the TCP service ports tested. Asset Manager avoids performing any application-level transactions because they can have unpredictable and undesirable effects on some systems.
Asset Manager records port open/closed status by sending the following packets for each targeted port and IP.
- TCP Syn
- TCP Syn/Ack Responses will result in TCP RST
Port List
The following is the default list of TCP ports used for Port Discovery in Asset Manager:
Vulnerable Ports
0,21-23,25,79,80,110,113,119,135,137,139,143,389,443,445,1002,1024-1050,1720,5000,8080
Infection Ports
21,23,25,80,113,137,139,555,666,1001,1025,1026,1028,1243,2000,5000,6667,6670,6711,6776,6969,7000,8080,12345,12346,21554,22222,27374,29559,31337,31338
If you do not select the Infectious and/or Vulnerable checkboxes in Port Discovery, you may still see the Asset Manager Network Index (LNI) chart showing a count greater than 0 associated with the Infectious and Vulnerable Ports columns.
Why? When you enter a port number in the following fields that is also on Asset Manager's Vulnerable or Infectious Port list, Asset Manager characterizes it as Vulnerable or Infectious, in appropriate reports.
- Path Discovery > Custom TCP Ports
- Host Discovery >Custom TCP Ports
- Ports Discovery > Custom TCP Ports
- Profile Discovery > HTTP Ports
- Profile Discovery > HTTPS Port
Configure Port Discovery
This procedure assumes that you have already created an Organization, Zone, and one or more Collectors. It also assumes that you've populated your Zone Network and Discovery Space lists. If you haven't completed these preliminaries or need more information on them, refer to . . .
- Create & Manage Organizations - Creating a container for all of your organization's zones
- Add & Manage Zones - Defining an area of the network to discover and index.
- Set Zone Networks & About Lists - Using the Known, Eligible, and Internal list buttons to identify the IPs and CIDRs composing your defined zone.
- Add & Manage Collectors
- Scope: Discovery Spaces - Telling your collector where in the network to do its job
- Add & Manage Lists (Zone Networks & Discovery Spaces)
To configure Device Profiling Discovery.
- Go to Settings > Zones.
- Select the zone and collector in which you want to configure Device Profiling Discovery.
- Populate the Custom TCP Port List with the following:
- Flat ASCII format, one entry per line
- Each entry is a port number and descriptor, separated by a space