Managing Augmentation Methods
Collectors perform active scans (Discover and Subnet) on the network to detect devices and to collect data related to those devices. To enhance the data collected for the detected devices, collectors use augmentation methods associated with the segments where the devices are detected. Augmentation methods enable the collectors to collect additional device attributes, which assist with device classification. Collectors can use these types of augmentation methods:
- Simple Network Management Protocol (SNMP)
- Windows Management Instrumentation (WMI)
- Secure Shell (SSH)
- Network Mapper (NMAP)
SNMP
Simple Network Management Protocol (SNMP) is an Internet standard protocol for collecting information on networks. Devices that typically support SNMP include cable modems, routers, switches, printers, and so on.
Collectors send an SNMP message to the device to retrieve the network device information.
Device data collected from the SNMP augmentation method includes:
- Media access control (MAC) address
- IP address
- Device family
- Device type
- System description
- Link Layer Discovery Protocol (LLDP) system description
- Cisco Discovery Protocol (CDP) Cache Platform
- Network access device (NAD) IP
- NAD port
WMI
Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems.
Collectors use the WMI augmentation method to collect additional device data on Windows devices and servers.
Device data collected from the WMI augmentation method includes:
- IP address
- MAC address
- Operating system information
- Host name
- Services
- Process
- Username
- Open ports
- Application information
SSH
Collectors try to retrieve the following information for a device if port 22 is open on the device and Secure Shell (SSH) is configured:
- MAC address
- Device name
- IP address
- Host name from Mac/Linux devices
NMAP
Network Mapper (NMAP) is a free, open-source tool for network discovery. Collectors use NMAP to identify devices and to find the open ports on the device.
Device data collected from the NMAP augmentation method includes:
- Open ports
- Application information running behind those ports
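To see which attributes an NMAP scan exposes for your own devices, the following added example (not the product's code) parses Nmap's standard XML output (`-oX`) into open ports and application information per device, and flags hosts that meet the port 22 precondition described in the SSH section. The sample XML is constructed, and the function and field names are assumptions made for this illustration; the collector's internal format is not documented on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output (documentation addresses only).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/>
        <service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="9100"><state state="open"/>
        <service name="jetdirect"/></port>
    </ports>
  </host>
</nmaprun>"""

def parse_nmap(xml_text):
    """Return one record per host: addresses, open ports, application info."""
    devices = []
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        open_ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered ports are not reported as open
            svc = port.find("service")
            keys = ("name", "product", "version")
            parts = [svc.get(k) for k in keys] if svc is not None else []
            open_ports[int(port.get("portid"))] = " ".join(p for p in parts if p)
        devices.append({
            "ip": addrs.get("ipv4"), "mac": addrs.get("mac"),
            "open_ports": open_ports,
            # Port 22 open is the page's stated precondition for the SSH method.
            "ssh_candidate": 22 in open_ports,
        })
    return devices
```

Comparing this output against the services a segment is expected to run shows what an active scan reveals about each device before any credentialed method (SNMP, WMI, SSH) is applied.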
For more information, see: