Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Port probes

Log in to subscribe to topics and get notified when content changes.

Port probes

Port probes are used in Discovery by the Shazzam probe to detect protocol activity on open ports on devices it encounters.

When a port probe encounters a protocol in use, the Shazzam sensor checks the port probe record to determine which classification probe to launch. The common protocols SSH, WMI, and SNMP in the out-of-box system have priority numbers that control the order in which they are launched. The WMI probe is always launched first, and if it is successful on a device, no other port probes are launched for that device. If the WMI probe is not successful, then the SSH probe gathers information on the device. The SNMP probe is always the last to scan, after the other port probes have failed. This method allows Discovery to classify a device correctly if the device is running more than one protocol (e.g. SSH and SNMP).

Port Probe Form

To access the Port Probe form, navigate to Discovery Definition > Port Probes. An out-of-box port probe record looks like this:
Figure 1. Discovery Port Probe 2
The Port Probe form provides the following fields:
Table 1. Port Probes
Field Input Value
Name Simple name for the port probe that reflects its function (e.g. snmp).
Description Definition of the acronym for the protocol. (e.g. ssh is Secure Shell Login).
Scanner Shazzam techniques for exploring a port. Some of these are protocol specific, and others are generic. For example, a WMI port probe will use a Scanner value of Generic TCP, and the snmp port probe uses a value of SNMP.
Conditional Runs this port probe if any one of the non-conditional probes return an open port. The conditional port probes in the out-of-box system attempt to resolve the names of Windows devices and DNS names. These ports probes take additional resources and are not used unless activity is detected on open ports.
CIs Indicates whether this port probe is enabled or disabled for discovering "Configuration Items".
IPs Indicates whether this port probe is enabled or disabled for discovering "IP addresses".
Active Indicates whether this port probe is enabled or disabled.
Triggered by services Indicates which services define the port usage. Use this setting to define non-standard port usage and pair the port number with the protocol.
Triggers probe Indicates which probe is triggered by the results of this port probe. This is the name of the appropriate classify probe.
Use classification Names the appropriate classification table, based on the protocol being explored.
Classification priority Establishes the priority in which this port probes must be run. If the first port probe fails, then the next probe runs on the device, and so forth, until the correct data is returned. This allows for the proper classification of a device that has two running protocols, such as SSH and SNMP. The default priorities for the Discovery protocols are:
  • 1 - WMI
  • 2 - SSH
  • 3 - SNMP