tcrlansweeper
Engaged Sweeper III

On our asset list we have around 50 of these "webservers" with almost no information. I am not sure what Lansweeper is looking at to get the info or where it comes from. They look like this:

tcrlansweeper_0-1660329826934.png

 

When I visit the associated IP address, it goes to this generic Sophos screen: 

tcrlansweeper_1-1660329905135.png

We use a Sophos firewall and have Sophos clients installed on each computer, and the ESMTP makes me think it's something to do with how our Sophos filters emails, but I don't really have much else to go on. I would love if someone could direct me on how to get some more information on these "webservers."

Thank you!

1 ACCEPTED SOLUTION

It looks like this person had the same issue scanning on a network with a Sophos firewall:
Scanning a public IP shows me my own firewall's information : nmap (reddit.com)

The firewall is acting as an email proxy to ensure all outbound email is scanned. This person disabled the proxy on the firewall to resolve the issue but if you're relying on that for email filtering I would recommend creating exceptions in Lansweeper instead.


16 REPLIES

I scanned the subnets with Advanced IP Scanner, but none of the subnets actually included the IP addresses I'm seeing on Lansweeper. Scanning the individual addresses made them show up on Advanced IP Scanner but there was no information besides the IP, and saying it was "alive." Thanks for the suggestion, anything else I could try?

Is there no MAC address that shows up in the scan results for these IP addresses? An IP packet traversing the network must have a MAC address associated with it. If there's a MAC address, follow mkhuber1's suggestion to look up the NIC manufacturer to get a clue as to what device it could be - Advanced IP Scanner may even identify the manufacturer for you.

If there's no MAC address, I imagine some sort of host filtering is going on on the computer you're scanning from. If Sophos client is installed, try shutting it off fully (no Sophos processes should be visible in Task Manager) and try scanning again. These may be virtual IPs accessible only on the host you're scanning from. Check if these IPs are visible in Resource Monitor > Network tab > under Listening Ports.

No MAC address from Advanced IP Scanner. Even after I shut off the Sophos client, the IP address still allows me to scan, still with no MAC. Unfortunately it seems there are still some Sophos tasks running in the background I can't seem to kill, so that might be why. Using the Resource Monitor and looking at listening addresses, the IP does not show up.

CiaranC
Lansweeper Employee

Thank you for your assistance @Nisanth

Project Manager at Lansweeper

Perfect! I am a newbie when it comes to this stuff, your expertise is much appreciated. I can definitely add an exception for those items. 

You're welcome - Lansweeper showing these results as a webserver and FTP caused some confusion too and should be improved.

Cheers
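
The pattern described in the accepted solution (a firewall mail proxy answering on behalf of addresses that are not local devices) can be spotted in exported scan results before exceptions are created. The following is an added example, not code from the thread or from Lansweeper; the record layout, banner strings and the `min_group` threshold are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample scan export (not real data): mac is None when no MAC was seen.
SCAN = [
    {"ip": "203.0.113.5",   "mac": None, "banners": {25: "220 mail-proxy ESMTP ready", 80: "Firewall block page"}},
    {"ip": "198.51.100.10", "mac": None, "banners": {25: "220 mail-proxy ESMTP ready", 80: "Firewall block page"}},
    {"ip": "198.51.100.77", "mac": None, "banners": {25: "220 MAIL-PROXY ESMTP ready ", 80: "Firewall block page"}},
    # A genuine local web server: has a MAC and its own banner.
    {"ip": "192.0.2.20", "mac": "00:00:5E:00:53:01", "banners": {80: "Intranet portal"}},
    # MAC-less but unique banner: not enough evidence on its own.
    {"ip": "192.0.2.99", "mac": None, "banners": {80: "Printer status"}},
]

def fingerprint(rec):
    """Order-independent, case-insensitive fingerprint of the services a host appeared to expose."""
    return tuple(sorted((port, text.strip().lower()) for port, text in rec["banners"].items()))

def suspected_proxy_answers(records, min_group=3):
    """Group MAC-less hosts by identical service banners.

    Many unrelated addresses returning exactly the same banners, with no MAC
    ever observed, suggests one intercepting device answered for all of them.
    """
    groups = defaultdict(list)
    for rec in records:
        if rec["mac"] is None and rec["banners"]:
            groups[fingerprint(rec)].append(rec["ip"])
    return {fp: ips for fp, ips in groups.items() if len(ips) >= min_group}

def exclusion_candidates(records, min_group=3):
    """Flat, numerically sorted list of addresses to review for a scanning exception."""
    flagged = suspected_proxy_answers(records, min_group)
    ips = [ip for group in flagged.values() for ip in group]
    return sorted(ips, key=ipaddress.ip_address)

if __name__ == "__main__":
    for ip in exclusion_candidates(SCAN):
        print(ip)
```

The output is a review list, not proof: confirm each address against the firewall's proxy configuration before excluding it from scanning.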