Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1326
Views
0
Helpful
2
Replies

NMAP Profiler Details

Go to solution
paul
Level 10
Level 10

‎11-09-2016 10:10 AM

I am doing an ISE install at a large hospital and they are concerned about the NMAP profilers effect on some of their legacy medical equipment.  I have done 75-100 installs at all sorts of customers including hospitals and manufacturing environment and have never had an issue with the selective NMAP scans ISE uses.  However, the customer would like more detail on exactly what the NMAP scan will be doing. 

I believe the default NMAP scan in 2.x is SNMP + OS scan.  So the SNMP port check is easy to explain, but what is involved in the OS scan?  If ISE is using the standard NMAP process under the covers what switches (options) are run for the OS detection?

I am not worried about ISE causing an issue, but I need to provide details as the customer has had other products like Qualys take down their PAX system.

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10
In response to hslai

‎11-09-2016 02:55 PM

Thanks!

I also found the base command used in the admin guide:

nmap -O -sU -p U:161,162 –oN

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-09-2016 02:42 PM

Yes, you are correct ISE is using the open-source NMAP utility for this. How To: ISE Profiling Design Guide has the info and this  is still true for ISE 2.x.

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to hslai

‎11-09-2016 02:55 PM

Thanks!

I also found the base command used in the admin guide:

nmap -O -sU -p U:161,162 –oN

0 Helpful
Customers Also Viewed These Support Documents