Using Istanbul...

If you search documentation for "Include alive" which is an option when creating a discovery schedule, it states:

"Select this check box to include alive devices, which are devices that have at least one port that responds to the scan, but no open ports."

What is the difference between a "port that responds" vs "open"?

When I troubleshoot discovery, I use telnet from the MID server to test a port on my target IP address.

When using telnet to test ports, if it is successful, is telnet telling me the port is responding, is open, or both?

Sometimes when I troubleshoot a failed Windows server discovery, the shazzam input payload doesn't mention trying port 135.   I see other ports, but not 135.   See below.

<result active="false" alive="true" ip_address="xxx.xxx.xxx.xxx">

    <scanner name="BannerTCP" port="22" portprobe="ssh" protocol="tcp" result="refused" service="ssh"/>

    <scanner name="BannerTCP" port="5480" portprobe="vmapp" protocol="tcp" result="refused" service="vmapp_https"/>

    <scanner name="BannerTCP" port="9443" portprobe="vmapp" protocol="tcp" result="refused" service="vmapp6_https"/>

    <scanner name="GenericTCP" port="5989" portprobe="wbem" protocol="tcp" result="refused" service="wbem_https"/>

    <scanner name="SLP" port="427" portprobe="slp" protocol="udp" result="refused" service="slp"/>

</result>

Why do I sometimes see port 135 not attempted in my shazzam input payload?

Thanks,

Ron