cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Iwaschkin
Engaged Sweeper
I'm in a situation where I am using a single scan server Lansweeper instance and have a requirement to scan large IP spaces for assets (post-merger ITAM project for old lab spaces and associated). An example would be an undocumented /12 network that contains 400ish active endpoints, located in 90 separate non-contiguous subnets, and distributed across 4 continents. This will take 3-4 days to scan the entire /12 using 6 threads if my math is correct, and is one of many. So just adding the RFC private spaces is out - it will take far too long to scan.

So the solutions I've come up with are as follows:

I know I can use Nmap to scan, extract the IP's that respond to ping, then use a batch scanner to manually scan each IP. If I do this, can I automate regular rescans of the discovered assets or is the batch scanner a one-off scan? If it is just a one-off scan, is there a way I can automate batch scans using the API and the output of an Nmap scan?

I can also extract the /24's that appear to contain hosts from the Nmap output, and then import those as scan targets. This works, but I will end up with a very large list of scan targets and it will become problematic to maintain. The larger spaces I can scan, the better.

So my next thought is performance tuning for the scan process itself. Currently, IP scans are set to 6 threads. Is there a rough set of rules regarding how many threads can reasonably be run continuously given x cores, y ram, z network bandwidth, and so forth? Is it possible for me to add another 10 scanning servers to a pool of scanners and have Lansweeper distribute the scan between them?

So many questions, but ultimately I'm mainly interested in seeing how other Lansweeper users would approach this problem.
2 REPLIES 2
Esben_D
Lansweeper Employee
Lansweeper Employee
Since it sounds like you are mostly scanning IP's that are empty, you could definitely up the IP Threads to 84 (max threads is 99 but it combines computer + IP threads)
If your CPU usage spikes you can always tone it down.

Next up you can set the Ping time-out on your IP Range scan to 1s instead of 2s (as long as your pings don't take close to a second). Easy way to half the time it takes.

Third would indeed be setting up additional scanning servers and just spreading the load evenly.
OK, will give those settings a shot.

In terms of spreading the load over multiple scanners - do I have to split the work myself or will some form of logic handle this?