Install and uninstall Nmap on a MID Server

If you decide to use credential-less Discovery in your network, install Nmap on each Windows MID Server that you want to use for this purpose. Self-hosted customers whose network security does not permit downloads from install.service-now.com must use a specific manual process to install and configure Nmap.

Before you begin

  • Assign MID Server IP ranges to all deployed MID Servers. The quickest and most reliable way to do this is with the MID Server IP range auto-assignment feature available in the ITOM Guided Setup. This method ensures that the set of MID Servers configured to access an IP address range is comprehensive.
  • Identify the IP ranges you want to explore with credential-less Discovery. Ensure that these ranges can only be accessed by MID Servers with Nmap installed, running on supported Windows hosts.
  • Use the All option for selecting IP ranges and observe these requirements:
    • Restrict the use of this feature to Windows MID Servers only.
    • Ensure that Nmap is installed on each of these MID Servers.
    • Ensure that the MID Servers can access the entire customer network.
  • When you create a Discovery schedule with Nmap enabled, observe these requirements for the MID Server selection options:
    • Specific MID Cluster: Verify that Nmap is installed on all MID Servers in the cluster, where each MID in the cluster is configured to access the same set of MID Server IP ranges.
    • Auto-Select MID Server: When running horizontal Discovery, verify that Nmap is installed on at least one of the MID Servers that can access the Discovery schedule’s configured MID Server IP ranges.
    • Specific MID Server: Verify that Nmap is installed on each MID Server that can access the schedule’s configured MID Server IP Ranges.
      Note: To use credential-less Discovery for Service Mapping, install Nmap on all MID Servers that can access the Discovery schedule’s configured MID Server IP ranges.

Role required: agent_admin

About this task

Note: Self-hosted customers whose network security does not permit downloads from install.service-now.com must install and configure Nmap manually on their system. Refer to the procedure here for installing Nmap on a self-hosted system.
The Discovery - IP Based [com.snc.discovery.ip_based] plugin provides the installer for Nmap and the programming elements that allow a Windows MID Server to run approved scripts on target CIs for credential-less Discovery. MID Servers on which Nmap is installed can execute an Nmap command configured to perform reverse DNS name resolution, discover MAC addresses, or gather OS information on target CIs without using credentials. The Discovery - IP Based plugin is activated automatically when the Discovery [com.snc.discovery] or Event Management and Service Mapping Core [com.snc.service-watch] plugins are activated.
Important: Service Mapping does not check for the presence of the Nmap capability and selects the MID Server based on the IP address only. To ensure that Service Mapping does not select a MID Server without the Nmap capability, install Nmap on all MID Servers assigned to the IP address ranges on which you want credential-less Discovery to be available. If Service Mapping selects a MID Server for credential-less Discovery that does not have Nmap capabilities, this error message appears in the map, at the site of the CI being discovered: Nmap is not installed on MID Server. Verify all MIDs configured to handle selected IP Address have Nmap Capability. Nmap root directory path does not exist: <path>.
Nmap is supported on all editions of these operating systems, including virtual machines and 64-bit systems:
  • Windows 2008
  • Windows 2012
  • Windows 2016
Nmap can be installed on MID Servers that meet these requirements:
  • Status is Up.
  • MID Server is validated.
  • MID Server does not already have the Nmap capability.
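The Service Mapping caveat and the installation requirements above can be checked together before enabling credential-less Discovery. The following is an added example, not ServiceNow code: the `Mid` record shape, the `audit` function, and the inventory are constructed for illustration and do not reflect any instance table schema.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Operating systems this page lists as supported for Nmap (all editions).
SUPPORTED_OS = ("Windows 2008", "Windows 2012", "Windows 2016")

@dataclass
class Mid:  # hypothetical record shape, not a ServiceNow table
    name: str
    os: str
    status: str
    validated: bool
    has_nmap: bool
    ranges: tuple  # CIDR ranges assigned to this MID Server

def audit(mids, target_ranges):
    """Classify each MID Server that can reach a credential-less target range."""
    targets = [ip_network(r) for r in target_ranges]
    report = {"ready": [], "install": [], "blocked": []}
    for mid in mids:
        nets = [ip_network(r) for r in mid.ranges]
        if not any(n.overlaps(t) for n in nets for t in targets):
            continue  # never selected for these ranges, so out of scope
        if mid.has_nmap:
            report["ready"].append(mid.name)
            continue
        reasons = []  # why Nmap cannot be installed yet, per the list above
        if not mid.os.startswith(SUPPORTED_OS):
            reasons.append("unsupported OS")
        if mid.status != "Up":
            reasons.append("status is not Up")
        if not mid.validated:
            reasons.append("not validated")
        key = "blocked" if reasons else "install"
        report[key].append((mid.name, reasons) if reasons else mid.name)
    return report

# Constructed inventory: names, OS strings and ranges are sample values.
SAMPLE_MIDS = [
    Mid("mid-win-01", "Windows 2016 Datacenter", "Up", True, True, ("10.0.0.0/16",)),
    Mid("mid-win-02", "Windows 2012 Standard", "Up", True, False, ("10.0.8.0/24",)),
    Mid("mid-lnx-01", "Linux", "Up", True, False, ("10.0.0.0/8",)),
    Mid("mid-win-03", "Windows 2016 Standard", "Down", False, False, ("10.0.8.0/22",)),
    Mid("mid-win-04", "Windows 2016 Standard", "Up", True, False, ("192.168.1.0/24",)),
]

if __name__ == "__main__":
    for group, members in audit(SAMPLE_MIDS, ["10.0.8.0/21"]).items():
        print(group, members)
```

Any MID Server listed under `install` or `blocked` is one that Service Mapping could select by IP address alone and that would then fail with the "Nmap is not installed on MID Server" error.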
Important: Running Nmap scans to or from any resource within the Amazon Web Services (AWS) environment is tightly regulated and requires the permission of AWS through the AWS Vulnerability/Penetration Testing Request form. AWS only permits testing of EC2 and RDS instances that you own. Tests against any other AWS services or AWS-owned resources are prohibited. In addition, any Nmap scan of a permitted instance must be performed within an approved time window. For these reasons, credential-less Discovery within an AWS environment is not appropriate, and a violation of the AWS policy could result in expulsion from the service.

To install Nmap on a Windows MID Server:

Procedure

  1. Navigate to MID Server > Servers.
  2. Open the desired MID Server record.
  3. Under Related Links, select Enable Credential-less Discovery.
    A confirmation dialog box appears.
    [Image: Confirmation dialog box]
  4. Click Yes to continue with the installation.
    The instance runs the Nmap installer from https://install.service-now.com, a site within a ServiceNow datacenter that contains installers for the platform. This progress notice appears during installation:
    [Image: Nmap installer progress notice]

    The Logs tab in the MID Server record shows the message: Running system command: installNmap.

  5. Click OK if you want to hide the dialog box while the installer continues to run in the background.
    Installing Nmap also installs Npcap on the host, if it is not already installed. Npcap is Nmap's packet capture library for Windows that allows Nmap to perform port scans quickly and to identify the family of the operating system running on the target. Npcap is installed once on the host and can be used by any other application that requires it, such as Wireshark.
    Note: If a more recent version of Npcap is already installed on the Windows MID Server host, Nmap is installed without Npcap. If an older version of Npcap is installed on the host, the Nmap installer upgrades it to the newer version.
    The installation process has either of these outcomes:
    • Success: These conditions indicate a successful installation:
      • The version of Nmap that is installed appears in the Nmap version field in the MID Server record.
      • The Related Link changes to Disable Credential-less Discovery.
      • The Nmap capability is assigned to the MID Server and appears in the Capabilities tab of the MID Server record.
    • Failure: If the installation fails, an error message is logged to the MID Server Issue [ecc_agent_issue] table. If you run the installer again with success, the issue is marked as Resolved.
  6. To uninstall Nmap for a selected MID Server, select Disable Credential-less Discovery under Related Links in the MID Server record.
    This dialog appears during the uninstallation process:
    [Image: Credential-less Discovery uninstallation notice]
    The Logs tab in the MID Server record shows the message: Running system command: uninstallNmap.
    Note: Uninstalling Nmap does not uninstall Npcap. This must be done manually.