none
MAP IP Scan Question RRS feed

  • Question

  • hello.... I am sitting with a scenario with over 600 class B subnet to scan, however only 1 subnet is populated..... ie.

    ie 172.1.1.1 -> 172.1.1.254 & 172.2.1.1.-> 172.2.1.254 & 172.3.1.1 ->172.3.1.254 & so on.

    Is there anyway of importing IP ranges into MAP to be scanned? or prepoulsting the task? Or even scripting it?

    Then secondly, what depencies does an AD MAP scan rely on? Is it primarily DNS to located the AD computer objects? If thats the case, does that mean that this could be a reason for a AD MAP task to just end with no reason, except that it ended successfully?

    Any help or guidance would be appreciated!

    Thanks......

    Stephane

    Friday, March 5, 2010 10:08 AM

All replies

  • Hi Stephane,

     

    Importing IP ranges is one of our methods of machine discovery.  You should be able to enter ip ranges into our inventory wizard as you have suggested.

     

    The dependencies for a successful inventory rely on being able to make a remote WMI query.   Check out our FAQ question:

    Q: How can I use the MAP Toolkit given my current firewall configurations?

    A: MAP will only work if WMI traffic is allowed from the MAP computer to the inventoried machines. Many host-based and software-based firewall products will block DCOM traffic across the network adapters on the computer. To enable remote WMI access, you need to make sure that the TCP/UDP ports for the "Remote Administration" and "File and Printer Sharing" exceptions are open on the computer running the software firewall. In addition, you will need to ensure that the following required configuration is implemented prior to running the tool:

    • Enable Remote Administration exception. The "remote administration exception" needs to be enabled for computers when the Windows Firewall is enabled. This exception opens TCP port 135. If you have another host firewall installed, then you will need to allow network traffic through this port. You are advised to delete this exception after the MAP operation is completed.
    • Enable File and Printer sharing exception. The “File and Printer Sharing” exception must be enabled for computers when the Windows Firewall is enabled. This exception opens TCP ports 139 and 445, and UDP ports 137 and 138. If you have another host firewall installed, then you will need to allow network traffic through these ports. You are advised to delete this exception after the MAP operation is completed.

    More detail on network configuration requirements is provided in the “Getting Started Guide” provided with the MAP tool.

     

    Let me know if these helps or if you have any more questions.

     

    Thanks,

    Eric

    Monday, March 8, 2010 7:38 PM
  • Ok....you are refering to manually entering IP subnets..... I want to know whether there is a way of importing using a text file?

    Wrt to the AD dependency question, I am aware of the prereqs. I want to know what does the AD based scan use? My AD scans keep falling over.

    And lastly, why do I keep have MAP falling over with memory exception errors when trying to scan large amounts of computer objects or IP's?

    Stephane
    Tuesday, March 9, 2010 12:46 PM
  • The memory exception errors are a known issue when running on a 32-bit OS and scanning a slow network (if you're connected to most of your inventory targets via a WAN, for example).  You can get around this by either running MAP on a x64 OS, or by installing the MAP 5.0 CTP release instead of using 4.0

    When you say the AD scans keep falling over, are you referring to the out of memory exception or something else?   All the AD scan does is retrieve all computer objects from AD for the scope you specify (a particular domain or domains, a particular OU or set of OUs, whatever you specify in the UI).

    You can import a text file with computer names in it, but IP address will be ignored if you put them in the text file.   Use the IP address range scan for IP addresses.
    Tuesday, March 9, 2010 5:23 PM
  • Oh, and to answer your original quesiton, the IP address entry screen doesn't force you to enter one Class C subnet at a time.   If you did something like this:

    10.1.1.1.1       10.1.5.255

    it would work fine, all IP addresses between 1.1 and 5.255 (essentially 5 class C's worth of addresses or 1275 individual IP addresses) would get enumerated.  This will work for up to 10,000 IP addresses, after which you'll have to do another run of invnetory and specify another 10,000 addresses....

    Wednesday, March 10, 2010 4:10 PM