SNMP Network Scan Issue

arobertson · ‎02-26-2016

Hi All,

I'm trying to discover one of our switches and it keeps trying to connect via SSH even though i have no credentials defined and have switched the SNMP & SSH probe orders around.

I have SNMP credentials defined, but looking at the discovery payload, it does not even try to scan that port? I have tried applying an SNMP only behavior, but then it fails to pick it up at all.

robertgeen · ‎02-26-2016

Hello Alex,

In the Shazzam Probe Input is it finding the SNMP port being open? It sounds like it's not finding the port to be open so it's not even trying the SNMP credential. If it's trying SSH credential then it's doing that simply because it sees port 22 is open. Your first step will be to check the ECC Queue for the Shazzam Input step and take a look at which ports it found open on the device.

arobertson · ‎02-26-2016

Thanks Rob,

Its not even listing in the payload as refused. (I have removed the port numbers.)

robertgeen · ‎02-26-2016

Hello Alex,

More than likely there is an ACL on the device that is stopping you. When it doesn't show up in the results it usually means that it's getting no response on the port at all. See the link below it outlines that when the port doesn't respond at all (especially since SNMP is UDP based) it doesn't return it in the response results. Usually when I have had a problem like this it was because of an ACL on the device not allowing SNMP to respond at all because the MID Server IP wasn't included in the ACL (probably has a deny all statement at the end of it). Hope this helps.

Discovery Troubleshooting - Port Scanning - ServiceNow Wiki