Mystery Devices...

When Discovery goes out and explores your network, most of the time it has no problem figuring out what's what. But sometimes it will find "things" out there that it cannot identify. What do you do then? Can you resolve such situations? Should you be worried about these unidentified monstrosities running around on your network?

These mystery devices are nothing to worry about. But that doesn't mean there isn't anything you should do!

Seeing which devices are a mystery to Discovery is easy: after a discovery has completed, the status form has a section titled Discovery Devices (out of the box, it's the bottom-most related list on the status form). In this list, there's a column called Class. Any device with a class of IP Device is a mystery to Discovery.

The screenshot at right shows a snippet taken out of the Discovery Devices list for a discovery I ran here at the wooden spaceship. The snippet shows several IP Devices, a couple of them with a "stop sign" showing up in the status.

The IP Devices with no stop sign are something that responded to a ping, but did not have any ports open (at least, none that Discovery is looking for). For such a device, Discovery does nothing at all beyond pinging it, trying to resolve its host name, and testing for open ports. Discovery has no information at all to indicate what kind of device it is, so it becomes a generic IP Device.

At right I've drilled into the IP Device at 10.10.11.161 to see the details of what happened during the discovery. You can see from the log that it got a response from ping, but found no open ports. With a little help from our IT folks, I found out that the device at this address is an IP (VoIP) phone, sitting on someone's desk here. The make and model of IP phone we have here happens to be one that is unmanageable (meaning that they don't respond to SNMP), so Discovery has no way to find out anything about them beyond their mere existence.

At left I've drilled into the IP Device at 10.10.11.165, one with a stop sign. Here you see slightly different results: this time Discovery got a result from ping, saw that port 22 was open — but couldn't authenticate on SSH. This just means you haven't entered the right credentials to allow Discovery to get access to the device to figure out what it is. Once again, Discovery doesn't have enough information to say what the device is (even though it has SSH open, it could be a computer, a router, an IP-enabled thermostat — but Discovery can't figure out which without credentials), so it becomes a generic IP Device.

What should you do about mystery devices? Well, for those that are caused by authentication failures (the ones with stop signs), the obvious thing to do is to get credentials and enter them into your system. If you cannot get credentials for some reason, then you can either ignore these devices, or you can enter their IP addresses as "excludes" in the Discovery schedule (so that Discovery won't even try to explore them any more). The IP Devices without stop signs are not indicative of any problem at all. You can safely ignore them altogether, or you can exclude their IP addresses from the Discovery schedule. If you have a situation like our IP phones, though, you'll want to be careful with such excludes: other devices may share the same IP address range. In fact, that is exactly the situation here at the wooden spaceship — the IP phones are on the same network as quite a few other devices, including the laptop I'm typing this post on. In a case like that, really the best course is to simply ignore those IP Devices...