Selective port probe scanning

The order in which Port Probes are run is now prioritized by protocol.

Prioritization for Running Port Probes

Prioritization enables the proper classification of devices that have two protocols running, such as SSH and SNMP, without having to create a complex Discovery Behavior. Previously (in Basic discoveries), Discovery launched all port probes at once and attempted to classify devices based on the activity returned for any protocol. The common protocols WMI, SSH, and SNMP in the out-of-box system now are assigned configurable priority numbers that control the order in which they are launched. The WMI probe is launched first, and if it is successful on a device, no other port probes are launched for that device. If the WMI probe is not successful, then the SSH probe is launched. The SNMP probe is the last to launch, after the other port probes have failed.

The field called Classification priority was added to the Port Probe form. The out-of-box system prioritizes the use of port probes as follows:

  • 1 - WMI
  • 2 - SSH
  • 3 - SNMP

The WMI port probe runs first and then the WinRM probe. If WMI or WinRM activity is detected on a device, the Windows - Classify probe is launched (and no other port probes). If no WMI or WinRM activity is detected, Shazzam runs the SSH probe. If Shazzam successfully detects SSH activity, the UNIX classifier is launched. The SNMP port probe is launched only if no WMI or SSH activity is detected on a device. This ensures that the correct classifier probe is launched and the correct device data is returned.

Figure 1. Classification Priority field