→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !
We have a number of EOL Barco "WePresent" screen mirroring devices in conference rooms. They are various models - wePresent WiPG-1600W and wePresent WiCS-2100 primarily.
Some of them are identified as "Type: Webserver, DeviceModel: lighttpd/1.4.41"
Others show up as "Type: HTML Redirection, DeviceModel: lighttpd/1.4.37"
Others show up as "Type: wePresent Configurator, DeviceModel: lighttpd/1.4.41"
In each case the name might be the IP address or the same as the Type.
None of the created assets show a MAC address. All show the scanning credential as "Global SNMP".
All have Web services listening on port 80, 443, and 4001.
That's clever - I didn't realise you could see that in scans thanks for sharing @pej-sbs
It would be nice if Lansweeper could detect the device from the web interface output. There is some information to work with, similar to interfaces seen on VOIP phones, but it varies from model to model.
It's unclear if an SNMP query would give better information - we aren't getting more than I've noted at the moment, despite LS indicating SNMP was used.
Right now our main clue that it's a WePresent is the presence of port 4001.
One other clue is the certificates presented on the various HTTPS ports - they have the model number in them most of the time. Examples:
|-Subject : C=TW/O=Barco Limited/OU=wePresent/CN=wePresent 2100
|-Issuer : C=TW/L=New Taipei City/O=Barco Limited/OU=wePresent/CN=wePresent ROOT CA
|-Subject : C=TW/O=Barco Limited/OU=wePresent/CN=wePresent WiPG series
|-Issuer : C=TW/L=New Taipei City/O=Barco Limited/OU=wePresent/CN=wePresent ROOT CA
|-Subject : C=TW/ST=Barco/L=Taipei/O=BARCO/OU=BARCO/CN=Curry/E=barco@barco.com
Also for what it's worth, Nessus is able to detect version (but not model) with some accuracy via it's OS Identification plugin (11936). There we see "Barco WePresent 2.5.1.8" and "Barco WePresent 2.3.5.9".
Hello @pej-sbs
Great post and great question. I'm grateful for posts like this that provide a lot of useful information and details. So, thank you.
I'm thinking that Lansweeper has hit the port 80/443 in its discovery scan. Therefore the scanned data can spotty and inconsistent--like it was a web server. We need to get SSH or SNMP to be scanned.
Here's a great KB article about this type of scanning challenges: Network devices scanned as a web server - Lansweeper Community - 61260
Another thing to consider as an option, you can create a single IP scan target of just that device, assign only the SNMP or SSH credentials you want used on that device (of course, after ensuring the SNMP and/or SSH ports are open and available to be scanned) and see if that returns the results you need.
If this doesn't work correctly, may I suggest you reach out to our Support team.
Keep us posted how it goes...
Happy sweeping-
-Tim
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now