- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2016 05:32 AM
Hi Experts,
While I am trying to discover few SNMP devices, it is getting failed with following messages
"Active, couldn't classify: Can't connect SSH, now finished"
"SSHCommand: No valid credential found for types [SSH Password,SSH Private Key]"...
I can see source as "UNIX classify". I am wondering why UNIX classification is getting triggered while these are network devices.
Regards,
Rakesh Imandi
Solved! Go to Solution.
- Labels:
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2016 08:40 AM
Hi Rakesh,
When discovering network gear using normal discovery (no behaviors) we will check of all of our classification ports (ie, 135/wmi, 22/ssh, 161/snmp..etc)
That said, most network gear will use port 22 as a management port - this means during shazzam it comes back in a state of open - if you look at our Port Probes (Discovery --> Discovery Definition --> Port Probes) and add the column Classification Priority to your view, you'll see we Classify in the following order ::
1 - WMI
2 - SSH
3 - SNMP
and so on....
This means that if we find port 22 open we WILL try to classify as UNIX first, then once credentials fails (since this is network gear) we will move on to SNMP. This does create a false positive when running reports. Its my recommendation that you switch SSH and SNMP classification priorities that way we'll check SNMP before SSH. And since SNMP is stateless (UDP) we won't throw an error if snmp fails.
I believe in Geneva we implemented a new feature called IP Service Affinity, this just like Credential Affinity will remember which Classification was successful and try that one during all subsequent discoveries. More on this here ::
Let me know if this helps or if you have any other questions.
Thanks,
-Ryan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2016 02:19 AM
This could be because of the port 22 that is open in the device which is being scanned.
Could you try the following?
1.just for testing purpose:
a. create a behavior that will use only SNMP and use that for discovery. Also,
b.give a lesser number for the SNMP credential and ensure that is tried before the linux type credential; give a discovery scan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2016 03:05 AM
Thank you Anand raj. It helped to an extent.
Now the discovery says "active, couldn't classify" with SNMP classify. When I looked at payload I couldn't get much info. Can you suggest how to determine the root cause of this failed discovery
So all snmp devices should be discovered in the same manner? What if we are discovering an IP range which consists of servers and netowrk devices?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-29-2016 02:42 AM
Apologies, I missed to follow this thread. Do you still face the issue or it is resolved ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2016 08:37 AM
Hi Rakesh,
I have the same issue. were you able to figure out whats wrong with this ?
Thank You
Reva
