Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

NMAP does not work

  • 1.  NMAP does not work

    Posted Jun 13, 2018 03:09 PM

    I cannot make nmap work in a certain environment. I enabled nmap in cluster settings, enabled profiling in the services and ran a subnet scan. Still no port data in any profiled endpoint.

    If I am not missing something in the config, it may be a firewall blocking issue. I will investigate in the FW logs, but I'd also like to know if there are ways to troubleshoot nmap in CPPM.

    The simplest way would have been to run nmap from the Linux CLI on the CPPM server, but the OS shell is not available to mortals who are not TAC.



  • 2.  RE: NMAP does not work

    Posted Jun 22, 2018 06:36 AM

    Update: I managed to make NMAP work - almost. The packet capture was a great help.

    The piece which still does not work is NMAP by the Audit server: I enabled Audit and profiler on a service. The endpoint is being profiled after connection, but not with NMAP (no port info).

    Any lead from the distinguished experts? I suspect it is because CPPM does not know which IP to NMAP.



  • 3.  RE: NMAP does not work

    Posted Jul 03, 2018 12:45 PM

    I'm experiencing the same thing (or so I think) - when a device is just a MAC address presented for dot1x/MAC-auth there's nothing for nmap to talk to (it does require an IP address), but further it appears that CPPM only checks SNMP, SSH and WMI listening devices.

    I'm trying to scan/identify IoT devices which don't do SNMP, I don't know the SSH credentials (yet), and they aren't Windows devices so don't do WMI.

    If I'm right, I'm a little disappointed with the nmap implementation.

    Here's hoping someone who knows more than me about it can set us straight.



  • 4.  RE: NMAP does not work

    Posted Jul 03, 2018 01:06 PM

    I gathered some more insights since I posted the question:

    - NMAP (in Audit) will not work until the device is profiled. It makes sense, because only then does it know the IP address of the device.

    - You have to have L3 information (ARP) from some source - DHCP, SPAN port, router etc. - for NMAP to work. Again, it makes sense because NMAP is IP based.

    - Obviously the firewall needs to allow port scanning.

    - It could have been better to have an audit and profiler log per endpoint. I guess the logs are there, but a little bit scattered.



  • 5.  RE: NMAP does not work

    Posted Sep 05, 2018 04:07 AM

    Update: the profiling and Audit tabs in the service use the IP address from the NAD (sent as Framed-IP via RADIUS). If the NAD is L2, there is no IP info from the NAD. Also many L3 NADs do not send the IP data in the connection stage. So the Audit option is not so useful for static IP devices.
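The findings in posts 4 and 5 boil down to one precondition: the Audit/NMAP step needs an IP address for the endpoint, and the only two places it can come from are a Framed-IP-Address attribute sent by an L3 NAD in RADIUS, or an L3 source the profiler collects (DHCP, SPAN, router ARP). The script below is an added example, not ClearPass code and not posted by anyone in the thread. It is a hypothetical pre-check a practitioner could run on their own data: it takes RADIUS accounting attributes (rendered here as constructed `Attr=value` lines, not a real capture) and ISC-style DHCP lease lines (also constructed), and for each authenticated MAC reports whether an IP is known, from which source, or why nmap has nothing to talk to. It also treats the two RFC 2865 placeholder values of Framed-IP-Address (255.255.255.255 "user negotiates" and 255.255.255.254 "NAS selects") as "no IP", since some NADs send those instead of omitting the attribute.

```python
"""Pre-check: which endpoints could an IP-based (nmap) audit actually reach?

Hypothetical helper, not ClearPass code. Models the two L3 sources the thread
names: Framed-IP-Address from an L3 NAD, and a DHCP lease seen by the profiler.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# RFC 2865 placeholder values: not real host addresses, so useless for a scan.
RADIUS_PLACEHOLDER_IPS = {"255.255.255.255", "255.255.255.254"}

# Constructed sample data (not real captures).
RADIUS_ACCT_START = [
    "User-Name=00:11:22:33:44:55 Calling-Station-Id=00-11-22-33-44-55 NAS-IP-Address=10.0.0.2 Framed-IP-Address=10.10.5.23",
    "User-Name=aabbccddee01 Calling-Station-Id=AA-BB-CC-DD-EE-01 NAS-IP-Address=10.0.0.3",   # L2 switch: no IP in RADIUS
    "User-Name=aabbccddee02 Calling-Station-Id=AA-BB-CC-DD-EE-02 NAS-IP-Address=10.0.0.3",   # L2 switch, static-IP device
    "User-Name=aabbccddee03 Calling-Station-Id=AA-BB-CC-DD-EE-03 NAS-IP-Address=10.0.0.4 Framed-IP-Address=255.255.255.254",
]
DHCP_LEASES = [
    "lease 10.10.7.40 { hardware ethernet aa:bb:cc:dd:ee:01; }",
]


def normalize_mac(raw: str) -> Optional[str]:
    """Reduce any vendor MAC notation (xx-xx, xxxx.xxxx, xxxxxx) to aa:bb:cc:dd:ee:ff, or None."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(hexdigits) != 12:
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def parse_radius_attrs(line: str) -> Dict[str, str]:
    """Split 'Attr=value Attr=value' into a dict (values here contain no spaces)."""
    return dict(re.findall(r"(\S+?)=(\S+)", line))


def usable_ip(value: Optional[str]) -> Optional[str]:
    """Return value only if it is a concrete IPv4 host address a scanner could target."""
    if not value or value in RADIUS_PLACEHOLDER_IPS:
        return None
    try:
        ip = ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return None
    if ip.is_unspecified or ip.is_multicast:
        return None
    return str(ip)


def parse_dhcp_leases(lines: List[str]) -> Dict[str, str]:
    """MAC -> IP from ISC-style 'lease <ip> { ... hardware ethernet <mac>; ... }' lines."""
    pat = re.compile(r"lease\s+(\S+)\s*\{.*?hardware ethernet\s+([0-9a-fA-F:]+);")
    leases: Dict[str, str] = {}
    for line in lines:
        m = pat.search(line)
        if not m:
            continue
        mac, ip = normalize_mac(m.group(2)), usable_ip(m.group(1))
        if mac and ip:
            leases[mac] = ip
    return leases


def audit_plan(radius_lines: List[str], dhcp_lines: List[str]) -> Dict[str, Tuple[Optional[str], str]]:
    """For each authenticated MAC: (ip, source) when scannable, else (None, reason)."""
    leases = parse_dhcp_leases(dhcp_lines)
    plan: Dict[str, Tuple[Optional[str], str]] = {}
    for line in radius_lines:
        attrs = parse_radius_attrs(line)
        mac = normalize_mac(attrs.get("Calling-Station-Id", ""))
        if mac is None:
            continue  # no usable endpoint identity in this record
        ip = usable_ip(attrs.get("Framed-IP-Address"))
        if ip:
            plan[mac] = (ip, "radius Framed-IP-Address")
        elif mac in leases:
            plan[mac] = (leases[mac], "dhcp lease")
        else:
            plan[mac] = (None, "no L3 source: L2 NAD and no DHCP lease (static IP?)")
    return plan


if __name__ == "__main__":
    for mac, (ip, how) in audit_plan(RADIUS_ACCT_START, DHCP_LEASES).items():
        print(f"{mac}  {'scannable at ' + ip if ip else 'NOT scannable'}  ({how})")
```

Endpoints that come out as "no L3 source" are exactly the static-IP devices behind L2 switches that post 5 describes; for those, feeding the profiler a SPAN/mirror of the access VLAN or router ARP data is what supplies the missing IP, and nothing on the RADIUS side will fix it.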