Troubleshooting the Shazzam Phase in Discovery

  • Discovery does not find a device
  • Discovery does not find all devices
  • Discovery cannot find LPS devices
  • Cannot find a device
  • Discovery fails to locat a device
  • Shazzam cannot find all devices
  • Shazzam cannot find SNMP devices
  • Shazzam cannot find LPS devices


Video Tutorial: Troubleshooting a failed Discovery: Scanning Phase




Discovery reacts to the Shazzam port scan as follows:

  • If Discovery finds an IP address with a state of OPEN for any port communicating over WMI, SSH, or SNMP, Discovery lists the IP address in the Shazzam returns (result="open") and begins the classification phase.
  • If Discovery does not receive a response from a port, it does not list the IP address in the returns from Shazzam.
  • If Discovery receives a response from the scan that refuses the connection, Discovery lists the IP address and the result (result="refused") in the Shazzam returns.

Common problems that may occur during the Shazzam phase, also known as a port scan, in Discovery, and possible solutions include the following:

Shazzam cannot find any devices at all

Shazzam cannot find any particular type of devices (SNMP/SSH/WMI)

  • If it is not a network issue, first check the port_probe_spec Shazzam output payload and make sure your port is being scanned. If it is not scanned, then check the behavior of the schedule. For more information, see the documentation on Discovery Behavior.
  • Also, it is possible that the port probes are not prioritized property. For more information, see Selective Port Probe Scanning documentation.

Shazzam cannot find any SNMP devices

  • If the solutions above do not work, credentials for SNMP devices are needed for SNMP. To add credentials, see the Credentials documentation.

Shazzam is not finding some LPS devices

  • Make sure the device type port is open and the service is up and running on that device (for example, WMI service, SSH server).
  • Shazzam has probe parameters that may need to be fine tuned. For example, if Shazzam is not finding SSH devices, the GenericTCP_waitForConnectMS and BannerTCP_waitForConnectMS wait time may need to be extended. For more information, see the Shazzam Probe Parameters documentation.
  • Reducing the shazzam_chunk_size from 100 to a lower number may also help.

The MID Server is not turning information for a certain network segment, or for the entire network

Article Information

Last Updated:2017-03-01 14:09:27