Does Discovery ping a node initially?

Stuart Spreadbo · ‎05-16-2019

New to Discovery and untrained, so I apologize in advance for a simple question.

Does the Discovery engine, for a scheduled IP range, initially ping each node before trying to probe that node's ports? i.e. for a 24 bit masked network, 254 ping requests are transmitted and those that get a response will trigger port probes.

Or does Discovery probe the ports of all 254 nodes?

Thanks.

doug_schulze · ‎05-17-2019

You are correct, and fly it does, takes milliseconds per IP to make this determination and you have a lot of control over timeouts across the probe, so it's quite handy. Let's jump in the way back machine and look at a post from the developer that wrote the shazzam probe, our port scanner that does the good work in the first phase of discovery. Take special note to the change that is happening here. Discovery (10+) years ago did actually Ping (NOT ANYMORE) but we found that alot of environments had ICMP shut off and being wholly dependant on that first (ping) step would prevent us from going forward. So we thought, hey why not just skip to a port check, if its successful we obviously have connectivity and we can learn how to come back to communicate (protocol) with it further down the road.

So his post is about the big switch to how we do it today.

View solution in original post

tomcollins · ‎05-17-2019

For me, this is disappointing news. My network/security teams are not happy that the discovery starts with a full out port probe. We have issues in our network that can create reflections. This then can create a storm because ServiceNow thinks it is a connection response that then triggers additional communication attempts from the MidServer that causes congestion. If we could re-enable ICMP as a initial connection type, this would be resolved.