Enable Error Message "x.x.x.x is not a reachable host (no response to target ports scanned by MID)" For A Scheduled Discovery?

Tom Rausch · ‎06-15-2020

Overview

Can I enable the error message "x.x.x.x is not a reachable host (no response to target ports scanned by MID)" when I run a Scheduled Discovery? I receive that error message when I run a Quick Discovery, but I do not receive that error message when I run a Scheduled Discovery. I want this error message so I receive a log entry for every IP address that is not Discoverable; I currently receive no such error message

Example

When I run a Quick Discovery of a single IP address, 10.254.8.241, the IP is not reachable, and I receive this error message in the Discovery Log.

"10.254.8.241 is not a reachable host (no response to target ports scanned by MID)."

The benefit is that I receive a message in the Discovery Log that identifies an IP address that is NOT Discoverable.

When I run a Scheduled Discovery of the subnet 10.254.8.240/28, which includes the IP address 10.254.8.241, the Discovery finds eight devices; the IP address 10.254.8.241 has no device and so there is no associated device on this list.

10.254.8.245 dccan100tol02 Windows Server
10.254.8.246 cacol2app21 Windows Server
10.254.8.247 cacol2app20 Windows Server
10.254.8.248 dccan100sql17 Windows Server
10.254.8.250 (empty) Active, couldn't classify: No WMI connec
10.254.8.251 dccan100tola3 Windows Server
10.254.8.252 dccan100exc13 Windows Server
10.254.8.253 (empty) Active, couldn't classify: No WMI connec

These IPs in the Discovery Range have no devices. There is no mention of these IP addresses in the Discovery Log.

10.254.8.241
10.254.8.242
10.254.8.243
10.254.8.244
10.254.8.249
10.254.8.254

I would like to see these messages in the Discovery Log

10.254.8.241 is not a reachable host (no response to target ports scanned by MID).
10.254.8.242 is not a reachable host (no response to target ports scanned by MID).
10.254.8.243 is not a reachable host (no response to target ports scanned by MID).
10.254.8.244 is not a reachable host (no response to target ports scanned by MID).
10.254.8.249 is not a reachable host (no response to target ports scanned by MID).
10.254.8.254 is not a reachable host (no response to target ports scanned by MID).

Tom Rausch · ‎04-08-2021

Hello, @Peter Wood and @Marskh11 ,

I have not found a workaround and I'm not sure that I ever will. One possible complication is that the number of IPs that are designated "not a reachable host" can be massive for subnets with small CIDR host identifier bits. For example, if one scans the subnet "10.0.0.0/8", Discovery would have to report on 16,777,216 IP addresses, most of which are like designated "not a reachable host." This alone is one reason not to report on IP addresses that are designated "not a reachable host".

This is also discussed in this linked post.

Discovery Report Shazzam IPs Neither "Active" Nor "Alive"?

View solution in original post

Marskh11 · ‎08-19-2020

Hi Tom,

Did your company end up coming up with a good resolution for this? I find this to be a nuisance as well - when troubleshooting discovery errors having to constantly sift through errors that I expect because no device lives at that IP can be annoying. Love to hear if you did anything for this?

Tom Rausch · ‎08-28-2020

Hello, Marskh11,

I am still working on a solution. I plan to parse the Shazzam results for Discovery ranges, then record each IP scanned in a separate table.

An example Shazzam result appears here. From this, the parse finds the single IP address "192.168.0.5" and the range "172.16.0.0/12". It then expands the range. It adds all the IP addresses to a separate table.

172.16.0.0
172.16.0.1
...
172.31.255.255
192.168.0.5

<discovery_ranges>
  <meta_coll>
    <ip_list>
        <ip>192.168.0.5</ip>
    </ip_list>
   </meta_coll>
</discovery_ranges>
<discovery_ranges>
  <meta_coll>
    <inc_exc_coll>
      <summary>172.16.0.0/12</summary>
        <include>
          <network>
            <network_ip>172.16.0.0</network_ip>
            <netmask>12</netmask>
          </network>
        </include>
        <exclude><ip_list/></exclude>
    </inc_exc_coll>
  </meta_coll>
</discovery_ranges>

Using the SNC Network APIs would likely help this effort, but these are internal APIs, and ServiceNow will not release the API documentation to me.

Tom Rausch · ‎04-06-2021

Hello, @Marskh11 ,

Our company does not yet have a means to report IP addresses that are put through the Shazzam process but have no response to any port; that is, those IP addresses that are neither "Active" nor "Alive". I restated the question slightly and posted it in a new question in this Forum at this link.

Discovery Report Shazzam IPs Neither "Active" Nor "Alive"?

One possible complication is that the number of IPs that are neither "Active" nor "Alive" can be massive for subnets with small CIDR host identifier bits. For example, if one scans the subnet "10.0.0.0/8", Discovery would have to report on 16,777,216 IP addresses. That alone would be one reason not to report on IP addresses that are neither "Active" nor "Alive".

Tom Rausch · ‎04-06-2021

Here is a related question on this forum.

Discovery Report Shazzam IPs Neither "Active" Nor "Alive"?

Peter Wood · ‎04-07-2021

Hi,

I am facing same error. Did you find solution for this?

Thanks.