
CiscoWorks making multiple UDP 161 and ICMP (ping) requests to an external IP



My CiscoWorks server is making multiple UDP 161 and ICMP (ping) requests to an external IP, and they are being denied by the firewall.

Any idea what is causing it?


Thanks in Advance


Michel Hegeraat
Rising star

Assuming you don't have a device with as address

See if it happens when the discovery takes place

CiscoWorks tries to contact the neighbours via SNMP and ping; perhaps a neighbour uses this address.

Also check the discovery report. Maybe you can see which devices see this device as a neighbour.






Vinod Arya
Cisco Employee

What is the server OS?

If it isn't Discovery, it could be any process where it can cause an issue. You can check which process is using the ping/ICMP.

Following are the features/jobs which can use it :

  • Device availability for DCR
  • Inventory Job
  • Configuration Archive
  • Polling by Fault Management.

When you see these messages, you can check whether stopping the corresponding processes fixes this or not:

Inventory :

stop ICServer process (NMSROOT/bin/pdterm ICServer) (to start: NMSROOT/bin/pdexec ICServer)

Config Archive:

stop ConfigMgmtServer and ConfigUtilityService

Fault Manager :

Check if multiple sm_server processes are running, and try to kill them using OS capabilities, from Task Manager or kill -9 sig in sol/unix.



-Thanks Vinod **Rating Encourages contributors, and it's really free. **



There is a system-generated subnet object found in subnet groups; maybe this is the reason it's sending the requests to. What's this system-generated subnet, and is it really required? How can I delete it?



If you have such a group, one of your devices has an address in this range.

It is possible this address is used by CDP and therefore will be in the discovery report.

The subnet will go away if you no longer have an interface in this subnet.





Apart from what Michel said, you can check the User Tracking subnet acquisition.

The subnet acquisition is used by the User Tracking mechanism, which finds the details about the end hosts connected on the network.

You can trigger acquisition on a single subnet or a select set of subnets. Subnet based acquisition collects details about the end hosts that are connected to a particular subnet or a select set of subnets. This Acquisition completes faster, since it is not run on all devices managed by LMS.

You can check the settings here :
Admin > Collection Settings > User Tracking > Subnet Acquisition Configuration

Try to exclude the subnet you want and see if this goes away. 


For more details check here :

Configuring Subnet UT Acquisition

Along with this, please check Ping sweep in UT settings. 

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine the range of IP addresses that map to live end hosts (computers). You can use a single ping to find out whether a specific end host exists on the network.

A Ping Sweep consists of ICMP (Internet Control Message Protocol) ECHO requests sent to multiple hosts.

Try to disable Ping sweep from :

Admin > Collection Settings > User Tracking > Ping Sweep

Choose any of the following:

  • Disable Ping Sweep


**Encourage Contributors. RATE them. **

-Thanks Vinod **Rating Encourages contributors, and it's really free. **
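One way to carry out the timing check suggested in the replies above (does the traffic coincide with Discovery or another job?), as an added example that is not part of the original thread. The log format, IP addresses and job windows are constructed assumptions; adapt the regular expression to your firewall and take the windows from your own job schedule.

```python
import re
from collections import Counter
from datetime import datetime, time

# Constructed sample deny lines; the format is an assumption, adapt LINE_RE to your firewall.
SAMPLE_LOG = """\
2024-05-01T02:03:11 DENY proto=udp src=10.1.1.10 dst=198.51.100.7 dport=161
2024-05-01T02:03:12 DENY proto=icmp src=10.1.1.10 dst=198.51.100.7
2024-05-01T02:03:14 DENY proto=udp src=10.1.1.10 dst=198.51.100.7 dport=161
2024-05-01T09:15:40 DENY proto=tcp src=10.1.1.55 dst=203.0.113.9 dport=443
2024-05-01T13:00:05 DENY proto=icmp src=10.1.1.10 dst=198.51.100.7
2024-05-01T16:42:30 DENY proto=udp src=10.1.1.10 dst=198.51.100.7 dport=161
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY proto=(?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: dport=(?P<dport>\d+))?$"
)

# Hypothetical job windows (start, end), copied by hand from the server's job schedule.
JOB_WINDOWS = {
    "Discovery": (time(2, 0), time(2, 30)),
    "Inventory": (time(13, 0), time(13, 20)),
}

def parse_denies(text, server_ip):
    """Return (timestamp, proto, dst) for SNMP (UDP/161) and ICMP denies from server_ip."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["src"] != server_ip:
            continue
        is_snmp = m["proto"] == "udp" and m["dport"] == "161"
        if is_snmp or m["proto"] == "icmp":
            events.append((datetime.fromisoformat(m["ts"]), m["proto"], m["dst"]))
    return events

def correlate(events, windows):
    """Count denies per job window; anything outside every window is 'unmatched'."""
    counts = Counter()
    for ts, _proto, _dst in events:
        job = next((name for name, (start, end) in windows.items()
                    if start <= ts.time() <= end), "unmatched")
        counts[job] += 1
    return counts

if __name__ == "__main__":
    for job, n in correlate(parse_denies(SAMPLE_LOG, "10.1.1.10"), JOB_WINDOWS).items():
        print(f"{job}: {n} denied probes")
```

Denies that land in "unmatched" are the ones to chase through the continuously running features named in the thread, such as Fault Management polling or the User Tracking ping sweep.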