Skip to main content

Network Scanning

Network scanning is the foundation of infrastructure discovery in Tripl-i. Using multiple protocols and intelligent scanning techniques, the platform automatically discovers devices, maps network topology, and identifies services running across your network.

Scanning Protocols

WMI (Windows Management Instrumentation)

WMI provides deep Windows system information through a standardized interface. It's the primary protocol for discovering Windows servers and workstations.

What WMI collects:

CategoryInformation
HardwareCPU, memory, disk drives, network adapters, BIOS/UEFI
SoftwareInstalled applications, Windows features, running services, patches
SystemEvent logs, user accounts, scheduled tasks, firewall rules
PerformanceCPU utilization, memory usage, disk I/O

Network requirements:

  • TCP port 135 (RPC Endpoint Mapper)
  • Dynamic RPC ports (49152-65535)
  • WMI service must be enabled on target systems

For detailed WMI scanning setup, see WMI Scanning Reference.

SSH (Secure Shell)

SSH enables secure discovery of Linux, Unix, and network devices. It supports both password and key-based authentication.

What SSH collects:

CategoryInformation
SystemOS version, kernel, hardware details
SoftwarePackage listings, running processes, system services
NetworkInterface configuration, routing, active connections
PerformanceResource utilization, disk I/O, system load

Two scanning modes:

  • Basic Mode (regular user): System info, network config, processes, installed packages
  • Enhanced Mode (root/sudo): All basic data plus hardware details, BIOS info, disk health, virtualization

For detailed SSH scanning setup, see SSH Scanning Reference.

SNMP (Simple Network Management Protocol)

SNMP is the primary protocol for discovering network devices such as switches, routers, firewalls, and printers.

Supported versions:

  • SNMPv2c: Community-based with improvements over v1
  • SNMPv3: Secure with authentication and encryption (recommended)

What SNMP collects:

CategoryInformation
SystemDevice description, hostname, location, contact, uptime
InterfacesNetwork interfaces, speeds, status, traffic counters
TopologyCDP/LLDP neighbor discovery, VLAN assignments
Device-specificVendor-specific information (Cisco, HP, etc.)

For detailed SNMP scanning setup, see SNMP Scanning Reference.

vCenter Integration

Discover your entire VMware infrastructure including datacenters, clusters, ESXi hosts, and virtual machines.

What vCenter collects:

CategoryInformation
InfrastructureDatacenters, clusters, resource pools
HostsESXi hosts, hardware specs, configuration
Virtual MachinesVM inventory, resource allocation, guest OS
StorageDatastores, capacity, usage
NetworkingVirtual switches, port groups, VLANs

For detailed vCenter scanning setup, see vCenter Scanning Reference.

Setting Up a Discovery Scan

Step 1: Create a discovery schedule

  1. Navigate to Discovery > Schedules
  2. Click Create Schedule
  3. Configure:
    • Name: Descriptive name for the scan
    • IP Ranges: Target network ranges (CIDR notation, e.g., 192.168.1.0/24)
    • Protocols: Select WMI, SSH, SNMP, or vCenter
    • Credentials: Assign stored credentials for each protocol

Step 2: Assign credentials

Each protocol requires appropriate credentials:

ProtocolCredential Type
WMIWindows domain account with local admin rights
SSHUsername/password or SSH key pair
SNMPCommunity string (v2c) or username/auth/privacy (v3)
vCentervCenter account with read-only access

See Credential Management for secure credential storage.

Step 3: Configure the schedule

Choose when scans should run:

  • One-time: Run immediately or at a scheduled time
  • Recurring: Daily, weekly, or custom intervals
  • Continuous: Ongoing monitoring with configurable intervals

Step 4: Review results

After a scan completes:

  1. Navigate to Discovery > Scan History
  2. Review discovered devices and their details
  3. Check for any scan errors or incomplete results
  4. View newly created or updated CIs in the CMDB

Scanning Best Practices

Planning

  • Document your network topology before starting
  • Identify scan windows that minimize business impact
  • Prepare credentials in advance for each protocol
  • Notify network and security teams about scan activity

Implementation

  • Start with small network segments to validate settings
  • Monitor scan impact on network bandwidth and target systems
  • Validate discovered data against known inventory
  • Adjust timeout and concurrency settings as needed

Ongoing maintenance

  • Schedule regular scans to keep the CMDB current
  • Rotate and update credentials on a regular schedule
  • Review scan coverage to ensure all segments are included
  • Monitor scan health and error rates

Topology Discovery

Tripl-i can map your physical and logical network topology:

Layer 2 discovery:

  • CDP (Cisco Discovery Protocol) neighbor detection
  • LLDP (Link Layer Discovery Protocol) neighbor detection
  • VLAN assignments and switch port mappings
  • Physical connection mapping

Layer 3 discovery:

  • Routing table analysis
  • Subnet identification
  • Default gateway mapping
  • Network boundary detection

Troubleshooting

No response from target

Possible CauseResolution
Firewall blockingVerify required ports are open
Service disabledEnable WMI/SSH/SNMP on target
Network unreachableCheck routing and connectivity
Incorrect credentialsVerify credentials in Credential Manager

Incomplete discovery

SymptomResolution
Partial data collectionIncrease timeout values
Missing attributesCheck permission levels
Timeout errorsReduce concurrent scan threads
Missing devicesVerify IP ranges cover all segments

Slow scanning

SymptomResolution
Long scan timesIncrease parallel thread count
High timeout rateAdjust timeout values per protocol
Network congestionReduce concurrent connections or scan during off-hours

Next Steps