From OCS Inventory NG
Jump to: navigation, search

Using IP discovery feature.

IP discovery feature allow OCS Inventory NG to discover all Netzwerk connected devices on the Netzwerk.

For this, Kommunikationserver asks a number of most “active” computers running OCS Inventory NG agent to scan for MAC addresses in their Teil-Netzwerk at each run. They will not scan the entire wide area Netzwerk, but only their local Netzwerk defined by the couple IP-Adresse/Netzwerkmaske.


Inventory software is very useful for administrator. It allows “enlightening” his computers stock. Today, with use of TCP/IP, we can say that enlightenment is done at the same time for all the enterprise Netzwerk, especially if, like OCS Inventory NG, working is natively Netzwerk based.

But, what about devices which do not send inventory, for many reasons like a forgetting, a lack of cooperation from users? What about from all “alive” devices which cannot run inventory agent (printers, switches, routers, WiFi access points…)? What about computers which do not have to be connected on your Netzwerk and which are conspicuous for their discretion?

IPDISCOVER try to answer to those problematic. Even if it can work independently, it matches perfectly to OCS structure. As working is based on a communication between all hosts of information system and a central server, it’s easy for the server to order at his “subordinate” to make some little tasks, as getting registry key, doing an inventory or retrieving all devices answering on his IP segment.

How does it work?

Retrieving information.

OCS NG system is based on a dialog between agents installed on computers and Apache module on OCS NG server. Exchange is done in compressed XML and allows configuring agent tasks.

When a computer send an inventory result, server try to determine if it needs some other computers (number can be configured) to scan hosts in this Teil-Netzwerk. Gateway IP address are used to cartography enterprise Netzwerk.

If it’s needed, server estimate host quality and decide to activate or not host as an ipdiscover enabled computer. In this case, computer will send systematically an inventory, independently of general configuration parameter 'FREQUENCY'.

Election mechanism.

Once server has determined that there is a need for the selected gateway, it evaluates the following criteria:

  • OS: operating system must be Windows XP or Windows 2000 (all versions) or Linux.
  • QUALITY: this parameter means the host connection average to the server in days. It is evaluated dynamically by Kommunikationserver only when there is more than the number (defined by ‘IPDISCOVER’ option) of inventoried hosts for a gateway. If current computer sending inventory results has better quality than another IPDISCOVER enabled computer for this gateway, current computer will replace the other one. ‘IPDISCOVER’ option must be greater than zero to enable this feature!
  • FIDELITY: total number of connections to the server from the computer. This number must be at least 3, to allow QUALITY to be computed from representative data.
  • NETMASK: Netzwerkmaske. It must describe a maximum of B class IP-Netzwerk (2 first bytes to 255 => 255.255.X.X).
  • LASTDATE: when Kommunikationserver compute QUALITY, if it finds a host which hasn’t sent inventory results from number of days defined by ‘IPDISCOVER_MAX_ALIVE’ option, it will replace this host by a new one.

Hinweis: You can customize Agent’s ipdiscover settings for each Computer from the Administration console. You can totally disable ipdiscover or force ipdiscover on a specific Netzwerk. These Options are available on Computer properties page, under “Customization” section. However, the election mechanism is the best way to do the Netzwerk discovery. Use ipdiscover customization with care.

How do agents work?

Once agent has received order to proceed to discovery of his Teil-Netzwerk, it identifies first Netzwerk interface to use. It tries then to resolve through ARP all IP addresses answering on his segment (delay between 2 hosts acan may be defined using option “IPDISCOVER_LATENCY”, see § 6.2 Managing OCS Inventory NG general options.). All devices answering to the question are stored in XML inventory result and sent to server.

Server tuning

When doing a new installation of OCS NG, we understand easily that it requires some times to be ready to enable ipdiscovery feature. It requires some times to grab all gateways and to elect computers for ipdiscovery. As a computer can only be elected if it REALLY provides an inventory, it may be wiser to configure at the beginning ‘FREQUENCY’ option to zero, always generate an inventory. You can increase this value later, when infrastructure will be ready.

Analyzing errors (thought ipdiscover-util.pl used directly or from web interface) will allow you to detect potential problems. More the value of QUALITY will be lesser, more your ipdiscover information will be up to date.

System will be giving you the best in a domain, with a daily authentication and inventory. Tests done with this configuration on 20 000 hosts and 250 Teil-Netzwerke generate a DAILY actualization of 15 000 IP addresses.

To finish, value set for IPDISCOVER will tell to server how many computers are wished by gateway to run this task (if you set this value to zero, feature will be disabled).

Arbeiten mit den Ergebnissen

Securite a.png You can view which Computers run the IP discovery scans by clicking on toolbar Menü “Sicherheit”.

DE Sicherheit Hauptmenue.png

Die Namen Ihrer Netzwerke verwalten

You may define your Teil-Netzwerke by a Name and a unique ID, to view results easily.

Click on “Config” Menü und then on “Subnet names” Menü um Ihre Teil-Netzwerke zu verwalten.


Geben Sie Netzwerkname (z.B. DMZ), ID, IP-Adresse und IP-Netzwerkmaske ein, klicken Sie dann auf den “Send”-Button to validate.

Um eine Netzwerkdefinition zu löschen, einfach auf das rote Kreuz-Symbol am Ende der jeweiligen Zeile klicken.

Liste der Netzwerke anzeigen

You can view the list of Teil-Netzwerk configured in your Netzwerk by selecting “Netzwerkinformation” menu.


Für jedes Netzwerk, können sie anzeigen wie viele inventarisierte Geräte, nicht inventarisierte Geräte, IPDISCOVER feature enabled Geräte und identifizierte Geräte (bekannte Geräte, händisch in der Datenbank registriert) mit diesem Netzwerk verbunden sind.

Click on the number of needed column to view each type of devices.

Zeige inventarisierte Geräte in diesem Netzwerk an

You can view the list of inventoried hosts (computers with OCS Inventory NG agent installed) on your Netzwerk by clicking on number in column “Inventoried” in the Netzwerkliste.


Zeige nicht-inventarisierte Geräte in diesem Netzwerk an

You can view the list of active Netzwerk devices detected with IPDISCOVERY on your Netzwerk by clicking on number in column “Non inventoried” (computers without OCS Inventory NG agent installed) in the Netzwerkliste.


If there is, in the list, devices you know as legitimate, you can register them so they will not be displayed next time. For this, just click the icon at the end of corresponding line. Before, you may want to register “Device type” to easily identify known hosts (siehe §7.3.8 Registering known hosts).

You may also analyze this Netzwerk by clicking “Analyze” button. IPDISCOVER-UTIL Perlskript will be used to determine, for each Netzwerk device, seinem NetBios-Namen oder DNS-Namen und dem Typ des Betriebssystems.

Hinweis: This feature uses IPDISCOVER-UTIL Perlskript, nur unter Linux Server verfügbar, which requires the following components.

  • nmap (getestet mit Version 3.75)
  • nmblookup (Teil der Samba-Suite, getestet mit Version 3.0.7/3.0.10)
  • Perl Modul Net::IP
  • Perl Modul DBI
  • Perl Modul DBD::mysql
  • Perl Modul XML::Simple

Die folgenden Typen werden verwendet:

  • Windows: Gerät scheint unter einer Microsoft Windows Version zu laufen
  • Linux: Gerät scheint unter Linux zu laufen
  • Netzwerk: Betriebssystem kann nicht bestimmt werden, es könnte ein Netzwerkgerät sein, wie z.B. Router, managebarer Switch, Drucker oder Rechner mit einem Betriebssystem wie Sun Solaris oder IBM AIX … Es könnte auch sein, dass auf dem Gerät eine Firewall-Software aktiv ist?
  • Phantom: Gerät antwortet derzeit nicht. Es könnte ausgeschaltet sein oder eine Firewall blockiert den Zugriff.


If a Netzwerk device is legitimate, you can register it by clicking on icon “Register” at the end of corresponding line. You will be able to enter a brief description and to select Netzwerk device type while registering it (see § 7.3.8 Registering known hosts.).

Show IPDISCOVER enabled hosts

You can view the list of hosts running IPDISCOVERY feature (computers with OCS Inventory NG agent installed, and this agent is elected by server to run discovery of his Teil-Netzwerk) on your Netzwerk by clicking on number in column “IpDiscover” in the Netzwerk list.


Show known oder identified hosts

You can view the list of known hosts already identified by someone on your Netzwerk by clicking on number in column “Identified” in the Netzwerkliste.


Gerätetypen verwalten

You can register devices (wie Router, Switches, Netzwerkdrucker, Computer für die es keinen Inventarisierungs-Agenten gibt …) as you know they are legitimate. As is, they will not be displayed in the List of uninventoried devices, to allow you concentrate on suspicious devices.

You may first define some device types to identify them easily.

Klick en Sie auf “Konfiguration” - "Netzwerkgeräte Typen" um die Gerätetypen zu verwalten.


Um einen neuen Gerätetyp hinzuzufügen bitte den gewünschten Namen in das Feld “Typ Name” eingeben und auf den “Senden”-Button klicken.

Um einen Gerätetyp zu löschen klicken Sie auf das Symbol mit dem roten Kreuz in der entsprechenden Zeile.

Unbekannte Geräte registrieren

You can add new devices by browsing list of uninventoried devices and clicking the icon at the end of corresponding line. This will bring you to page for adding or removing Netzwerk devices and “MAC” field will be automatically fill in.


Um ein Netzwerkgerät zu löschen, klicken Sie auf das Symbol mit dem roten Kreuz in der entsprechenden Zeile.

Scanning an IP-Adresse

You can scan query specific IP-Adresse to obtain Information about the host. Go to Menü “Sicherheit” und click on “IP querying” menu und then enter IP-Adresse, Netzwerkmaske und klicke auf den “Senden”-Button.

Hinweis: This feature uses IPDISCOVER-UTIL Perl-Skript available nur unter Linuxserver which requires the following components:

  • nmap (getestet mit Version 3.75)
  • nmblookup (Teil der Samba-Suite, getestet mit den Versionen 3.0.7/3.0.10)
  • Perl Modul Net::IP
  • Perl Modul DBI
  • Perl Modul DBD::mysql
  • Perl Modul XML::Simple


IPDISCOVER-UTIL Perlskript verwendet NMAP und NMBLOOKUP utilities to get Information about the host (DNS-Name, NetBios-Name …) und also show if host is inventoried und/oder discovered.