SNMP credential test passes but Discovery does not see port 161 open

Bob D
Tera Expert

SNMP Credential Test works OK, but Discovery/Shazzam does not see port 161 open. 

Using same MID server for both credential test and Quick Discovery

Discovery is checking the port. From the Shazzam payload: wmi,snmp,ssh,http,wins,dns,slp,wbem,vmapp,winrm,winrm_ssl

but no results from SNMP/161 in the XML payload:

<result active="true" alive="true" ip_address="10.xxx.xxx.xxx">
  <scanner name="HTTPS" port="5986" portprobe="winrm_ssl" protocol="tcp" result="timed_out" service="winrm_ssl"/>
  <scanner name="BannerTCP" port="22" portprobe="ssh" protocol="tcp" result="open" service="ssh">
    <banner_text>SSH-2.0-OpenSSH_6.2 FIPS  </banner_text>
    <banner_bytes>
     ......
    </banner_bytes>
  </scanner>
  <scanner name="SLP" port="427" portprobe="slp" protocol="udp" result="timed_out" service="slp"/>
  <scanner name="NBT" port="137" portprobe="wins" protocol="udp" result="unresolved" service="ms-nb-ns"/>
  <scanner name="DNS" port="53" portprobe="dns" protocol="udp" result="resolved" service="dns">
    <host_names>xxxxx.xxxx.com</host_names>
  </scanner>
  <scanner name="HTTP" port="80" portprobe="http" protocol="tcp" result="open" service="http">
    <response_code>200</response_code>
    <Server>Apache</Server>
    <http_version>HTTP/1.1</http_version>
    <response_text>OK</response_text>
  </scanner>
  <scanner name="HTTP" port="443" portprobe="http" protocol="tcp" result="open" service="https"/>
</result>
 
Thanks for any suggestions.
6 REPLIES

ravinder2601
Kilo Contributor

Hi Bob, 

Did you find a way out? I am facing the same issue. I have configured only SNMP devices in the schedule, and while discovering, Shazzam does not attempt SNMP when it finds SSH open, while we understand that few network devices have port 22 open.

Please suggest if you have found a fix for this.

rada1
Kilo Contributor

Hi Bob and Ravinder,

I faced the same problem where the credential check was successful; however, Shazzam showed the SNMP port was closed. We ran Wireshark on the MID server and found that the SNMP device responded on a different IP address than the IP where the credential check was run. When I put this other IP address in the discovery schedule, the Shazzam probe showed the SNMP port as open.
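
The check described in the reply above, as an added example (not part of any post in this thread and not ServiceNow code): a Python script, meant to be run from the MID server host, that sends one SNMP GetRequest from an unconnected UDP socket and reports whether the reply's source IP is the address that was probed. It assumes SNMPv2c with a community string; the function names and the usage line are hypothetical.

```python
import ipaddress, socket, sys

SYSDESCR_OID = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # 1.3.6.1.2.1.1.1.0 (sysDescr.0)

def tlv(tag, body):
    """BER tag-length-value, short-form length only."""
    if len(body) > 127:
        raise ValueError("body too long for short-form length")
    return bytes([tag, len(body)]) + body

def build_get_request(community, request_id=1):
    """SNMPv2c GetRequest for sysDescr.0 (hypothetical helper name)."""
    rid = request_id.to_bytes(request_id.bit_length() // 8 + 1, "big")
    varbind = tlv(0x30, tlv(0x06, SYSDESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, rid)            # request-id
              + tlv(0x02, b"\x00")            # error-status
              + tlv(0x02, b"\x00")            # error-index
              + tlv(0x30, varbind))           # variable bindings
    return tlv(0x30, tlv(0x02, b"\x01")       # version 1 = SNMPv2c
               + tlv(0x04, community.encode()) + pdu)

def probe(target_ip, community, port=161, timeout=3.0):
    """Return the source IP of the first reply, or None if nothing arrives.
    The socket is left unconnected so a reply from any address is received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community), (target_ip, port))
        try:
            _, (src_ip, _) = s.recvfrom(65535)
        except OSError:  # timeout, or ICMP port unreachable on some platforms
            return None
        return src_ip

def diagnose(target_ip, reply_src):
    """Classify the probe result by comparing probed and replying addresses."""
    if reply_src is None:
        return "no_reply"
    if ipaddress.ip_address(reply_src) != ipaddress.ip_address(target_ip):
        return "reply_from_other_ip"
    return "reply_from_probed_ip"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: snmp_src_check.py <target-ip> <community>")
    ip, community = sys.argv[1], sys.argv[2]
    src = probe(ip, community)
    print(diagnose(ip, src), "- reply source:", src)
```

A result of `reply_from_other_ip` matches the situation in the reply above: the device answers SNMP, but from an address other than the one in the discovery schedule.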