10-Strike LANState Online Help

Searching for New Hosts on Network

arrow The "Service | Search New Hosts" function helps to give the prompt response to new active hardware (computers, routers, switches, printers, etc.) connecting to your local-area network. That can be necessary for both ensuring the security of your LAN and maintaining the actuality of the map.

1. In the first case, this function can help you promptly cut off an unauthorized connection of an alien user to your network for the purposes of breaking in or abusing its resources. The program, when detects a new IP address not listed as an allowed one, will notify you of that with a popup message. The message will include IP address, MAC address and DNS name of the new device. 2. In the second case, this function can be used when generating a network map. Scan your local network's IP range once, and you will obtain the full list of devices that are currently active. After that, the Search New Hosts function can be run every time to actualize the list of objects on the map. When scanning network automatically in background mode, newly detected devices will be just placed on map automatically if you select the Place on map automatically setting. This function is helpful with rapid-growing local area networks.

The Search New Host function is built upon the same routine as Network Map Creation Wizard. It is based upon the multi-threaded polling of all possible IP addresses within specified ranges. To each IP address, the program sends a set of standard network queries, replies to which indicate that a device with such IP address is present in the network. Such queries include:

The polling routine runs through a number of simultaneous threads, which speeds up the search sufficiently.

arrow To search for new devices, on the main menu select Service | Search New Hosts or Edit | Import hosts | Scan IP address range.... The search window (Fig. 1) contains 4 tabs.

In the Starting IP address and Ending IP address fields on the first tab, enter the network scanning range. When you click on the arrow button,  the starting address field value will be copied to the ending address field; that speeds up entering IP range values. By default, these fields will automatically have the IP range with your computer's IP address (calculated automatically by the net mask value). You can set a different IP range automatically by selecting a different interface from the corresponding lit. Move the range you have defined here to the routine by clicking on the Add -> button. To remove a range from the list, simply click on the Delete button. Please note that the program will process only the ranges you have ticked off.

configuring IP address ranges
Fig. 1: The IP range scanning window (configuring IP address ranges).

arrow On the second tab (Fig. 2) you can set scanning parameters. Select the required network polling methods. Keep in mind that the more methods you select, the more devices can be found. However, that will increase the scanning time. The same applies to the number of TCP ports to be scanned and the number of ICMP packets. The data from the Community string field is necessary for finding and retrieving data from SNMP devices (network printers, switches, etc.) The most common Community string values are: public, private, rmon .

For all types of queries, you can set a custom Response timeout for the address to be polled. Enabling the Search only new devices parameter allows keeping an eye on new and unauthorized devices attempting to connect to your network. To ensure that the function runs well in this mode, scan the network once with this parameter disabled. After the program has found all devices within the specified range, place their addresses to the List of allowed IP addresses (Fig. 3). Then enable the Search only new devices parameter, and the program will notify you of new active devices with addresses outside of this list. You can loop the scanning process by specifying the automatic scan restart period (the Scan constantly, in NN sec. parameter.) The parameter Maximum number of threads sets the number of search threads that will simultaneously scan the specified IP ranges. The more threads you set, the faster the scanning will go. However, a too large number of threads can significantly drop the overall performance of your system. It is recommended that you use the default values. The greatest allowed number of threads is 100.

configuring scanning parameters
Fig. 2: The IP range scanning window (configuring scanning parameters).

arrow The third tab (Fig. 3) contains the List of allowed IP addresses. It can be compiled both by hand and automatically, by importing the data from an earlier created map or from the search results list (Fig. 4).

configuring allowed IP addresses
Fig. 3: The IP range scanning window (configuring allowed IP addresses).

arrow Scanning results are displayed on the last tab of the window (Fig. 4). To place the found devices on the map, tick them off and then click on the Add on map button. If necessary, you can chop off DNS suffixes of computer names when placing those on the map (select the parameter Cut DNS suffix...). You can also choose to add only new devices on the map you have created (i.e. only those that are not currently on the map). This makes it easier to maintain the actuality of maps of rapid-growing, large networks. To enable this option, simply tick off the parameter Add new hosts only. When scanning network automatically in background mode, newly detected devices will be just placed on map automatically if you select the Place on map automatically setting.

scanning results
Fig. 4: The IP range scanning window (scanning results).

The search process can be stopped before the completion by clicking on the Stop button.

arrow To send the scanning to background, hit on the Esc key or click on the Background button. At the same time, the toolbar of the main window of the program will display the button with the scanning progress displayed in its caption. Clicking on that button will bring the scanning process back to the window mode. If you select the Background mode and then minimize the program to tray, when the scanning is complete or when a new device is found, you will be notified with a sound, a message and a bubble tip by the program's icon in the tray.

arrow To keep an eye on the security of the network constantly and automatically, select the parameter Start search in background on the program startup. In this case, the specified IP ranges will be scanned automatically every time the program is run. The scanning window will be minimized, and to restore it, you would have to either select the corresponding items on the menu or click on the above described button on the toolbar.

arrow You can copy scanning results to clipboard and then paste them to any text file or a Microsoft Excel worksheet. For that purpose, open the context menu over the resource list and then select the Copy to clipboard item.

 

 

 

Products:
Network Inventory Explorer
Inventory Hardware and Software on Network Computers
LANState
Monitor Network Servers, Create Network Maps and Diagrams
Connection Monitor
Watch Who Gets Into Your Files over Network
Network File Search
Search Files on FTP Servers and Local Network
SearchMyDiscs
Catalog Disks, Create CD/DVD Database, and Search Files
Log-Analyzer
Analyze Your Apache/RAW Log Files
Junk Mail Remover
Remove E-mail Messages on POP3 Server, Save GPRS/EDGE Traffic
Site Map | Privacy Policy | Links
Copyright © 1999-2008, 10-Strike Software