NMAP Scanning from FMC

pcnudde01 (Level 1)

Running Firepower Management Center v6.2.0.2

I’m having 2 issues with NMAP and active discovery

First issue: Hosts discovered by NMAP are not being added to the network map. Only hosts discovered by passive discovery exist in the network map. Is there a way to have hosts discovered by NMAP added to the network map?

Second issue: NMAP is not correctly identifying the OS on some hosts. There are a number of Windows 7 machines which are being incorrectly identified by NMAP as Server 2008 with 100% confidence. Is there a way to tune NMAP to properly identify the OS on those hosts? If not, is there a way to bulk update the OS on those hosts in FMC?


Thanks


4 Replies

Dennis Perto (Level 5)

Hi pcnudde01,

1. Did you configure the network for the NMAP scanned hosts in the "Network Discovery" policy?

2. No way of tuning NMAP. I guess that it is possible using the API to bulk update the OS on hosts, but I have not seen anything like that, yet. 

"Did you configure the network for the NMAP scanned hosts in the "Network Discovery" policy?"

If you mean under Policies | Network Discovery | Advanced | OS and Server Identity Sources did I add an NMAP scanner then yes.  There is no other place to configure NMAP scanning for network discovery policies.

Accepted solution:

I now see that it is not possible.

"A host must exist in the network map before Nmap can append its results to the host profile."

Source: http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Host_Identity_Sources.html#ID-2219-0000055a

That's what I figured, thanks.  So Cisco touting NMAP as active network discovery is misleading then since NMAP won't actually add hosts it finds to the network map.  Seems like this would be an obvious thing to want to do and fairly simple to implement.  Maybe I will put in a feature request.

Thanks for the info.
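Both issues in the thread can be triaged before the scan results ever reach FMC. The script below is an added example, not code from the original thread or from Cisco: it parses Nmap's XML output, reports which scanned hosts are absent from the network map (per the guide quoted in the accepted solution, Nmap results for those hosts are dropped), and flags hosts whose top OS match is a single Nmap fingerprint covering more than one Windows generation. Windows 7 and Windows Server 2008 R2 share the NT 6.1 kernel, so Nmap's stack fingerprint genuinely cannot separate them, which is why a "100% accuracy" match can still be the wrong product. The Nmap XML, the set of network-map IPs and the override list are all constructed inline; the SetOS column order in `host_input_setos_lines` is recalled from the Host Input API guide and is an assumption to verify against the guide for your FMC release, not something the thread confirms.

```python
"""Triage Nmap -O XML output before FMC network discovery consumes it."""
import xml.etree.ElementTree as ET

# Constructed sample scan (not real output). 10.0.0.5 matches the shared
# Windows 7 / Server 2008 R2 fingerprint; 10.0.0.7 has no OS match at all.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -oX - 10.0.0.0/29">
  <host><status state="up" reason="arp-response"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <os>
      <osmatch name="Microsoft Windows 7 or Windows Server 2008 R2" accuracy="100" line="1">
        <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="7" accuracy="100"/>
        <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2008" accuracy="100"/>
      </osmatch>
    </os>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <os>
      <osmatch name="Linux 3.2 - 4.9" accuracy="95" line="2">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="95"/>
      </osmatch>
    </os>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed: IPs FMC has already learned through passive discovery.
# 10.0.0.7 is missing, so FMC will silently discard its Nmap results.
NETWORK_MAP_HOSTS = {"10.0.0.5", "10.0.0.6"}


def parse_nmap_hosts(xml_text):
    """Return {ip: [(vendor, osfamily, osgen, accuracy), ...]} for up hosts.

    Only the first (best) osmatch is kept; Nmap orders matches by accuracy.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        classes = []
        best = host.find("os/osmatch")
        if best is not None:
            for oc in best.findall("osclass"):
                classes.append((oc.get("vendor"), oc.get("osfamily"),
                                oc.get("osgen"), int(oc.get("accuracy"))))
        hosts[addr.get("addr")] = classes
    return hosts


def hosts_missing_from_map(nmap_hosts, map_hosts):
    """Scanned hosts FMC cannot attach Nmap results to (issue 1 in the thread)."""
    return sorted(ip for ip in nmap_hosts if ip not in map_hosts)


def ambiguous_os_hosts(nmap_hosts):
    """IPs whose best match spans more than one Windows generation (issue 2)."""
    out = {}
    for ip, classes in nmap_hosts.items():
        gens = sorted({gen for _vendor, fam, gen, _acc in classes if fam == "Windows"})
        if len(gens) > 1:
            out[ip] = gens
    return out


def host_input_setos_lines(overrides):
    """Render SetOS lines for a Host Input API import file.

    ASSUMPTION: the 'SetOS,ip,mac,vendor,product,version' column order is
    recalled from the Host Input API guide, not confirmed by the thread.
    The MAC column is left empty so the IP alone selects the host.
    """
    return ["SetOS,%s,,%s,%s,%s" % (ip, vendor, product, version)
            for ip, (vendor, product, version) in sorted(overrides.items())]


if __name__ == "__main__":
    scanned = parse_nmap_hosts(SAMPLE_NMAP_XML)
    print("not in network map:", hosts_missing_from_map(scanned, NETWORK_MAP_HOSTS))
    print("ambiguous OS matches:", ambiguous_os_hosts(scanned))
    # Constructed override: the analyst knows 10.0.0.5 is a workstation.
    for line in host_input_setos_lines({"10.0.0.5": ("Microsoft", "Windows", "7")}):
        print(line)
```

Run it against a real `nmap -O -oX scan.xml` file by replacing `SAMPLE_NMAP_XML` with the file contents and `NETWORK_MAP_HOSTS` with an export of the FMC network map; hosts on the first list need to be seen by passive discovery (or added by another identity source) before an Nmap scan is worth scheduling, and hosts on the second list should not have the Nmap OS accepted at face value whatever the accuracy figure says.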
