2671 views

Troubleshooting the Shazzam Phase in Discovery

Symptoms
  • Discovery does not find a device
  • Discovery does not find all devices
  • Discovery cannot find LPS devices
  • Cannot find a device
  • Discovery fails to locate a device
  • Shazzam cannot find all devices
  • Shazzam cannot find SNMP devices
  • Shazzam cannot find LPS devices


 

Video Tutorial: Troubleshooting a failed Discovery: Scanning Phase


 

 

Resolution


Discovery reacts to the Shazzam port scan as follows:

  • If Discovery finds an IP address with a state of OPEN for any port communicating over WMI, SSH, or SNMP, Discovery lists the IP address in the Shazzam returns (result="open") and begins the classification phase.
  • If Discovery does not receive a response from a port, it does not list the IP address in the returns from Shazzam.
  • If Discovery receives a response from the scan that refuses the connection, Discovery lists the IP address and the result (result="refused") in the Shazzam returns.

Common problems that may occur during the Shazzam phase, also known as a port scan, in Discovery, and possible solutions include the following:

Shazzam cannot find any devices at all

Shazzam cannot find any particular type of devices (SNMP/SSH/WMI)

  • If it is not a network issue, first check the port_probe_spec Shazzam output payload and make sure your port is being scanned. If it is not scanned, then check the behavior of the schedule. For more information, see the documentation on Discovery Behaviors.
     
  • Also, it is possible that the port probes are not prioritized property. For more information, see the documentation pages on Selective Port Probe Scanning and Port Probes.

Shazzam cannot find any SNMP devices

Shazzam is not finding some LPS devices

  • Make sure the device type port is open and the service is up and running on that device (for example, WMI service, SSH server).
     
  • Shazzam has probe parameters that may need to be fine tuned. For example, if Shazzam is not finding SSH devices, the GenericTCP_waitForConnectMS and BannerTCP_waitForConnectMS wait time may need to be extended. For more information, see the Configure Shazzam probe parameters documentation page.
     
  • Reducing the shazzam_chunk_size from 100 to a lower number may also help.

The MID Server is not turning information for a certain network segment, or for the entire network

  • Check network connectivity using PING, TRACEROUTE, TELNET, and SNMP scanning tools.
  • Make sure the MID Servers that Discovery is using can reach the desired segments of the network. See the page: Configure an IP address range for the MID Server.

Article Information

Last Updated:2018-05-29 06:56:26
Published:2018-05-29