08-12-2022 08:48 PM - last edited on 04-02-2024 10:43 AM by Mercedes_O
On our asset list we have around 50 of these "webservers" with almost no information, I am not sure what lansweeper is looking at to get the info or where it comes from. They look like this:
When I visit the associated IP address, it goes to this generic Sophos screen:
We use a Sophos firewall and have Sophos clients installed on each computer, and the ESMTP makes me think it's something do with how our Sophos filters emails, but I don't really have much else to go on. I would love if someone could direct me on how to get some more information on these "webservers."
Thank you!
Solved! Go to Solution.
08-22-2022 11:30 PM
It looks like this person had the same issue scanning on a network with a Sophos firewall:
Scanning a public IP shows me my own firewall's information : nmap (reddit.com)
The firewall is acting as an email proxy to ensure all outbound email is scanned. This person disabled the proxy on the firewall to resolve the issue but if you're relying on that for email filtering I would recommend creating exceptions in Lansweeper instead.
08-18-2022 06:27 PM
I scanned the subnets with Advanced IP Scanner, but none of the subnets actually included the IP addresses I'm seeing on Lansweeper. Scanning the individual addresses made them show up on Advanced IP Scanner but there was no information besides the IP, and saying it was "alive." Thanks for the suggestion, anything else I could try?
08-19-2022 06:38 PM
Is there no MAC address that shows up in the scan results for these IP addresses? An IP packet traversing the network must have a MAC address associated with it. If there's a MAC address follow mkhuber1's suggestion to look up NIC manufacturer to get a clue as to what device it could be - Advanced IP Scanner may even identify the manufacturer for you.
If there's no MAC address, I imagine some sort of host filtering is going on on the computer you're scanning from. If Sophos client is installed, try shutting it off fully (no Sophos processes should be visible in Task Manager) and try scanning again. These may be virtual IPs accessible only on the host you're scanning from. Check if these IPs are visible in Resource Monitor > Network tab > under Listening Ports.
08-22-2022 05:15 PM - edited 08-22-2022 05:23 PM
No MAC address from advanced IP scanner. Even after I shut off Sophos client, IP address still allows me to scan, still with no MAC. Unfortunately it seems there are still some Sophos tasks running in the background I can't seem to kill, so that might be why. Using the resource monitor and looking at listening addresses, the IP does not show up.
08-22-2022 11:30 PM
It looks like this person had the same issue scanning on a network with a Sophos firewall:
Scanning a public IP shows me my own firewall's information : nmap (reddit.com)
The firewall is acting as an email proxy to ensure all outbound email is scanned. This person disabled the proxy on the firewall to resolve the issue but if you're relying on that for email filtering I would recommend creating exceptions in Lansweeper instead.
08-24-2022 11:40 AM
Thank you for your assistance @Nisanth
08-23-2022 03:39 PM
Perfect! I am a newbie when it comes to this stuff, your expertise is much appreciated. I can definitely add an exception for those items.
08-23-2022 06:26 PM
You're welcome - Lansweeper showing these results as a webserver and FTP caused some confusion too and should be improved.
Cheers
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now