cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
752
Views
5
Helpful
1
Replies

ISE nmap profiling attribute for vnc

rcullum
Level 1
Level 1

I'm trying to build a profiling policy for a wyse terminal. Nmap scan returns:

22-tcp    ssh
5900-tcp    vnc
80-tcp    http

in Context Visibility but I can't seem to use 5900-tcp as a profiling condition. It's not visible in the nmap dictionary on ISE (but nmap on ISE must know about it, else how would it know tcp/5900 is vnc). How do I fix this? This is ISE 2.3 Patch 4. Latest Profiling feed installed.

 

1 Accepted Solution

Accepted Solutions

paul
Level 10
Level 10

Build a custom NMAP scan defintion on the Policy->Results->Profiling->NMAP Scan screen.  Add 5900 as a custom TCP port to scan.  Save it.

 

Once you do that you will see TCP 5900 show up under NMAP extensions in your profiling options.  Make sure you select NMAP extensions.

View solution in original post

1 Reply 1

paul
Level 10
Level 10

Build a custom NMAP scan defintion on the Policy->Results->Profiling->NMAP Scan screen.  Add 5900 as a custom TCP port to scan.  Save it.

 

Once you do that you will see TCP 5900 show up under NMAP extensions in your profiling options.  Make sure you select NMAP extensions.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: