This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issues scanning OT

DonMario73
Champion Sweeper

‎08-04-2023 02:15 PM - last edited on ‎04-02-2024 07:55 AM by

Greetings, we are starting to scan OT devices and are having a hard time to make it work.  Follows the symptoms:

  • Not all OT devices are discovered by Lansweeper.  The only devices that are discovered are as follows:

DonMario73_1-1691151159712.png

  • We can ping all OT devices in the network from the Lansweeper OT console.

Has anybody experienced this kind of issues?

Regards

 

Mario

Labels:
0 Kudos
4 REPLIES 4
StillGoing
Champion Sweeper

‎08-09-2023 05:21 PM

We are just testing out the OT scanning and are running into similar issues. You do need to be very aware of the protocols that are supported, as described in knowledge base (OT supported protocols). Of course, you have to specify which protocols you want to use in your scanning target definitions, and even just including the included defaults will only recognize those that communicate on default ports.

In essence, to really get value out of Lansweeper OT you need to know your OT environment; e.g. what protocols are supported by the devices you want to identify and how those devices are configured. I expect a lot of organizations may not have that knowledge in house; if they do, they are probably already using something else to monitor those devices.

It certainly isn't a product you just 'drop in' to your environment with an expectation of immediate results. At least, that is my experience so far. Time will tell.

0 Kudos
Bert_D
Lansweeper Employee
Lansweeper Employee
In response to StillGoing

‎08-24-2023 03:27 PM

Hey StillGoing,

Thanks for your reply to this question!

I wanted to elaborate on one thing: of course, you have to specify which protocols you want to use in your scanning target definitions


This is actually not completely correct.

The latest version of the OT scanner (currently 3.3.8) actually has both an 'Advanced' and a 'Default' option. 

  • In the Advanced screen you have the option to specify the protocols that you wish to use. (this is what you are referring to) 
  • The Default screen is a Smart Scan that will automagically select the protocols for you. 

Hope this helps you and others

Feel free to try the default option if you haven't already and let us know if that works better or is easier from a configuration point for you!

 

DonMario73
Champion Sweeper
In response to StillGoing

‎08-14-2023 07:03 PM

We opened a case with support and they answered the following:

  • need to also install Lansweeper classic scanner to be able to scan SIEMENS switches that are part of the OT network.
  • seems like the OT Sensor also uses Credential Free Device Recognition but it didn't work in the tests that were performed in the customer environment.

Regards

Mario

0 Kudos
Bert_D
Lansweeper Employee
Lansweeper Employee
In response to DonMario73

‎08-24-2023 04:48 PM

The devices that are listed in your screenshot are indeed all switches. The current OT Scanner doesn't 'deepscan' those devices as it was build specifically for OT devices. In future iterations we are aiming to also deepscan IT devices from the same Discovery Hub but for now you would indeed still need the IT Scanner if you want all information (like switch port mapping, serial, firmware etc) for your switches/routers/...

Best chances of finding all your devices in an OT environment is by installing a Sensor on a windows box (physical or virtual) and place it in the VLAN that you want to scan. This should ensure devices are being picked up properly. Often there are numerous firewalls in place that may allow a ping but block all kind of other traffic/communications over VLANS that is needed to perform a correct inventory of a device. 

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now