How does the network discovery work?

Network discovery is the processes where Holm Security VMP automatically scans an IP range to identify each device and adding them as separate assets.

Read more about how to add multiple hosts here:

http://support.holmsecurity.com/hc/en-us/articles/213578985

When doing a discovery scan Holm Security VMP uses multiple tests to check if a host is alive or not. Since there are networks where not all of the hosts are alive at any given time and only a small percentage of IP addresses are active, depending on firewall configurations or other circumstances, you may need many ways to detect alive hosts.

Here are some of the tests and short explanations that discovery scan uses to detect alive hosts and acquire information:

  • Internet Control Message Protocol (ICMP)
    Creates and sends a message to the source IP address to determine if the host can be reached.
  • Transmission Control Protocol - Synchronize (TCP SYN)
    Sends a TCP packet to the host requesting a connection to be established.
  • Transmission Control Protocol – Synchronize and Acknowledge (TCP SYN and ACK)
    Sends a TCP packet to the host requesting a connection to be established, receives an acknowledgment of an established connection.
  • 3-way handshake (only during port scanning) 
    Sends a TCP packet to the host requesting a connection to be established, receives an acknowledgment of an established connection, establish a connection.

After the host discovery is completed and if any alive hosts are found, it will proceed to scan ports using either TCP SYN or 3-way handshake to gather more information.

There are multiple options to select from when executing a discovery scan and not only to see if a host is dead or alive. You can customize the scan profile to suit your needs by including different types of test categories such as SSL and TLS, Product detection, Databases etc.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.