Searching for images of Shazzam (via Google image search) was more interesting than I'd thought it would be — turns out there are a lot of products (and other things) named "Shazzam", from cleaning fluids to singers to llamas and some things that made this old sailor blush (and shan't be discussed on this blog).
But our Shazzam is a bit different than all these things...
First, a brief review of how Discovery works without Shazzam. The first step is to "ping" specified ranges of IP addresses. This ping takes roughly 2 seconds per IP address, and all it tells us is that there's something (we know not what) at that address. Once the pinging is finished, Discovery does a "port scan" of any IP addresses that responded, to see if that address is listening for WMI, SSH, SNMP, or HTTP. This is really a quick test to see if the device at that IP address is (respectively) a Windows computer, a UNIX/Linux computer, a piece of network gear or a printer, or a web server. Once Discovery knows the result of the port scan, then it launches several probes to go explore that device more thoroughly.
Shazzam works much differently. The first step of Shazzam is port scanning — it scans for open ports on every IP address within the specified range, and it does so very quickly (hundreds or even thousands of IP addresses per second). In this way, Shazzam accomplishes the same thing as the current pinging followed by port scans, all in a single step.
But Shazzam goes even further — it also resolves the DNS name and WINS name of an IP address. If the IP address has a web server on it, it will get the headers from the web server to see what kind of web server it has. And if the IP address answers to SNMP, Shazzam will get a short description of the device. All of this in a single step.
The end result of Shazzam is a faster overall Discovery process, mainly because it cuts the number of probes required by about 30% to 40% (the exact savings depends on the composition of your environment). Shazzam will also greatly speed up the discovery of large IP ranges that are sparsely populated with actual devices. For example, if your organization uses a network like 10.0.0.0/16, there are 65,000+ IP addresses in that network but you may have only a few hundred devices on it. In this case, Shazzam is very much faster than the current Discovery method.
Shazzam is first available in the Stable 1 release (from 2/13/2009). By default it is turned off, as it is still an experimental feature. If you'd like to try it out, leave a comment on this post and we'll get in touch with you.
2 Comments
