Shazzam probe, port probes, and protocols

Port scanning is the first step in the Discovery process. The Shazzam probe performs port scanning, regardless of whether you use patterns for horizontal discovery. The following table lists the known ports and protocols used by Discovery.

Several port probes are available in the base system. Each port probe uses an IP Service, which is a record that tells Discovery which port to use for a specific protocol. Review this table before you block any ports with a firewall.
Caution: Make sure that you do not block any ports that Discovery needs.
Table 1. Default port probes and default IP services

| Default port probe name | Default classification | Default IP Service, protocol and port |
|---|---|---|
| dns | Process Classification [discovery_classy_proc] | dns (port 53) |
| http | HTTP Classification [discovery_classy_http] | http (port 80) and https (port 443) |
| ip_phone | SNMP Classification [discovery_classy_snmp] | sip (port 5060) |
| osx | Scan Results Application Classifier [discovery_classy_scan_app] | afp (port 548) |
| printer | Scan Results Application Classifier [discovery_classy_scan_app] | hp-pdl-datastr (port 9100) and printer (port 515) |
| slp | Process Classification [discovery_classy_proc] | slp (port 427) |
| snmp | SNMP Classification [discovery_classy_snmp] | snmp (port 161) |
| ssh | UNIX Classification [discovery_classy_unix] | ssh (port 22) |
| vmapp | Application Classification [discovery_classy_appl] | vmapp_https (port 5480) and vmapp6_https (port 9443) |
| wbem | CIM Classification [discovery_classy_cim] | wbem_https (port 5989) |
| winrm | Windows Classification [discovery_classy_windows] | winrm (port 5985) and winrm_ssl (port 5986) |
| wins | Process Classification [discovery_classy_proc] | ms-nb-ns (port 137) |
| wmi | Windows Classification [discovery_classy_windows] | epmap (port 135) |

This table shows you other common ports and protocols that Discovery uses.

Table 2. Discovery ports and protocols

| Name | Service name | Port | Details | Creates | Protocol |
|---|---|---|---|---|---|
| afp | Apple File Protocol | 548 | | | TCP |
| BEA Weblogic | | 7001 | | cmdb_ci_app_server | TCP |
| dns | Domain Name Service | 53 | To resolve the name of each IP Address | | TCP/UDP |
| epmap | Microsoft RPC (WMI, DCOM) | 135 | Windows Systems | | TCP |
| ftp | | 21 | | | TCP |
| hp-pdl-datastr | Printer PDL Data Stream | 9100 | HP Printers | | TCP |
| http | HyperText Transfer Protocol | 80 | Web Servers | cmdb_ci_web_server | TCP |
| https | HyperText Transfer Protocol over Secure Socket | 443 | Secure Web Servers | cmdb_ci_web_server | TCP |
| IBM DB2 | | 50000 | | | TCP |
| IBM MQSeries | | 1414 | | | TCP |
| IBM Websphere | | 9080 | | | TCP |
| IBM Websphere SSL | | 9443 | | | TCP |
| IMAPS | | 993 | | | TCP |
| pip (Internet Print Protocol) | IP Phone/ Session Initiation Protocol | 5060 | | | TCP |
| LDAP | | 389 | | | TCP |
| LDAPs | | 636 | | | TCP |
| Microsoft netbios | | 139 | | | TCP |
| Microsoft-ds | | 445 | | | TCP |
| ms-nb-ns | | 137 | | | UDP |
| Microsoft SQL server | | 1433 | | | TCP |
| MySQL | | 3306 | | | TCP |
| Nagios NRPE | | 5666 | | | TCP |
| nfs | | 2049 | | | TCP/UDP |
| Oracle TNS | | 1521 | | | TCP |
| POP3 | | 110 | | | TCP |
| postgresql | | 5432 | | cmdb_ci_database | TCP |
| printer | Printer | 515 | Printers | | TCP |
| sip | SIP (Session Initiation Protocol) | 5060 | | | TCP |
| slp | Service Location Protocol (SLP) | 427 | | | TCP/UDP |
| smtp | | 25 | | | TCP |
| smux (SNMP multiplexing) | | 199 | | | |
| snmp | Simple Network Management Protocol | 161 | Network Devices | | UDP |
| snmptrap | | 162 | | | UDP |
| ssh | Secure Shell Service | 22 | Unix Systems | | TCP |
| sunrpc | | 111 | | | TCP |
| telnet | | 23 | | | TCP |
| TIBCO Rendezvous | | 7500 | | | TCP |
| Tomcat HTTP | | 8080 | | | TCP |
| vmapp6_https | | 9443 | | | TCP |
| vmapp_https | vCenter Server Appliance Web Interface using https | 5480 | | | TCP |
| wbem_https | CIM-XML via HTTPS(WBEM) | 5989 | CIM Classification | | TCP |
| wins | Windows Internet Name Service | 137 | NetBIOS Name Resolver | | UDP |
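
To act on the caution above before changing a firewall, the following added example (not ServiceNow code) checks an allow list against the default port probes in Table 1 and reports which IP services would be blocked. The rule syntax `allow <tcp|udp|any> <port|lo-hi>` and the sample rules are constructed for illustration; protocols come from Table 2, with TCP assumed for winrm and winrm_ssl, which Table 2 does not list.

```python
# Added example: audit a firewall allow list against Discovery's default port probes.
# Ports are from Table 1; protocols from Table 2 (TCP assumed for winrm/winrm_ssl).
PROBE_SERVICES = {
    "dns":      [("dns", 53, "tcp"), ("dns", 53, "udp")],
    "http":     [("http", 80, "tcp"), ("https", 443, "tcp")],
    "ip_phone": [("sip", 5060, "tcp")],
    "osx":      [("afp", 548, "tcp")],
    "printer":  [("hp-pdl-datastr", 9100, "tcp"), ("printer", 515, "tcp")],
    "slp":      [("slp", 427, "tcp"), ("slp", 427, "udp")],
    "snmp":     [("snmp", 161, "udp")],
    "ssh":      [("ssh", 22, "tcp")],
    "vmapp":    [("vmapp_https", 5480, "tcp"), ("vmapp6_https", 9443, "tcp")],
    "wbem":     [("wbem_https", 5989, "tcp")],
    "winrm":    [("winrm", 5985, "tcp"), ("winrm_ssl", 5986, "tcp")],
    "wins":     [("ms-nb-ns", 137, "udp")],
    "wmi":      [("epmap", 135, "tcp")],
}

def parse_rule(rule):
    """Parse 'allow <tcp|udp|any> <port|lo-hi>' (hypothetical syntax)."""
    action, proto, ports = rule.lower().split()
    if action != "allow" or proto not in ("tcp", "udp", "any"):
        raise ValueError(f"unsupported rule: {rule!r}")
    lo, _, hi = ports.partition("-")
    protos = {"tcp", "udp"} if proto == "any" else {proto}
    return protos, int(lo), int(hi or lo)

def is_allowed(rules, port, proto):
    """True if any parsed rule permits this port on this protocol."""
    return any(proto in p and lo <= port <= hi for p, lo, hi in rules)

def blocked_services(allow_rules):
    """Return {probe: [(service, port, proto), ...]} for services no rule permits."""
    rules = [parse_rule(r) for r in allow_rules]
    report = {}
    for probe, services in PROBE_SERVICES.items():
        missing = [s for s in services if not is_allowed(rules, s[1], s[2])]
        if missing:
            report[probe] = missing
    return report

# Constructed sample: note SNMP is allowed on TCP only, but Table 2 lists it as UDP.
SAMPLE_RULES = ["allow tcp 22", "allow any 53", "allow tcp 80", "allow tcp 443",
                "allow tcp 135", "allow tcp 5985-5986", "allow tcp 161"]

if __name__ == "__main__":
    for probe, missing in blocked_services(SAMPLE_RULES).items():
        print(probe, "blocked:", ", ".join(f"{n} {p}/{t}" for n, p, t in missing))
```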

Windows and dynamic ports

Windows machines can have dynamic ports in the following ranges:
  • Windows Server 2003: 1024-5000 for both TCP and UDP.
  • Windows Server 2008 and Vista: 49152-65535 for both TCP and UDP.