1 answer
- 10-1
If your manual Nmap scan is from the same server that Open-AudIT is running on - then that's odd.
Although the IP addresses are different (172.17.20.254 in Open-AudIT and 172.17.20.1 in the manual scan).
What happens if you run (on the Open-AudIT server):
nmap -n -T4 -sU -p 161 172.17.20.254
That is what the default discovery is configured to run. You can see it in the discovery log.
- ToddeHB
root@xxx-Open-AudIT ~ > nmap -n -T4 -sU -p 161 172.17.20.254 Starting Nmap 7.93 ( https://nmap.org ) at 2024-03-06 14:59 CET Nmap scan report for 172.17.20.254 Host is up (0.00028s latency). PORT STATE SERVICE 161/udp open|filtered snmp MAC Address: 00:1A:8C:F0:4A:08 (xxxx) Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
- Mark Unwin
The issue is because the port is open|filtered and the default scan options are set to ignore this.This is viewable in the discovery, on the Scan Options tab.
If you don't have a license, this cannot be changed, except by changing the default scan options for all discoveries in the configuration.
If you have a Professional license, you can change the scan options by viewing the discovery and going to the Scan Options tab.
Professional customers can view the available discovery scan options (but not edit or create new sets) by going to menu → Discover → Discoveries → Discovery Scan options.
If you have an Enterprise license (even a free license) you can change this by viewing the discovery and going to the Scan Options tab. You can also change individual options, within the scan options set.
Enterprise customers can also build new discovery scan options sets by going to menu → Discover → Discoveries → Discovery Scan options.
- ToddeHB
So what do you propose to change regarding the scan option? I am using the free Enterprise license for testing purposes. I definetely know, that the device has SNMP v3 up and running, cause our monitoring solution is able to query.
- Mark Unwin
View the discovery, go to Scan Options, change the value for 'Consider Open|Filtered Ports Open' to 'y'.
- ToddeHB
Unfortunately this did not change anything
- Mark Unwin
No valid credentials is not the same as no open ports.
Obviously your SNMP credentials are not working on that device. The reason may be one of many. It may be that the credentials are incorrect, there may be access restrictions on IPs that can connect, or something else. If you are using NSMPv2 credentials, you could try the below on the command line of the Open-AudIT server.
snmpget -v2c -On -c PUBLIC IP 1.3.6.1.2.1.1.2.0
Obviously replace PUBLIC and IP with your own.
Add your comment...
Hi,
I have several discoveries running. During one of which I get this message
when running a scan against that host port 161/snmp is open
SNMP v3 is up an running on that device. Credentials are created in OpenAudit.
Any idea why the message appears in OpenAudit?