11-09-2016 10:10 AM
I am doing an ISE install at a large hospital and they are concerned about the NMAP profilers effect on some of their legacy medical equipment. I have done 75-100 installs at all sorts of customers including hospitals and manufacturing environment and have never had an issue with the selective NMAP scans ISE uses. However, the customer would like more detail on exactly what the NMAP scan will be doing.
I believe the default NMAP scan in 2.x is SNMP + OS scan. So the SNMP port check is easy to explain, but what is involved in the OS scan? If ISE is using the standard NMAP process under the covers what switches (options) are run for the OS detection?
I am not worried about ISE causing an issue, but I need to provide details as the customer has had other products like Qualys take down their PAX system.
Thanks.
Solved! Go to Solution.
11-09-2016 02:55 PM
Thanks!
I also found the base command used in the admin guide:
nmap -O -sU -p U:161,162 –oN
11-09-2016 02:42 PM
Yes, you are correct ISE is using the open-source NMAP utility for this. How To: ISE Profiling Design Guide has the info and this is still true for ISE 2.x.
11-09-2016 02:55 PM
Thanks!
I also found the base command used in the admin guide:
nmap -O -sU -p U:161,162 –oN
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide