Discovery - Fingerprinting

Neuralyzer provides a device discovery capability that helps user find/discover all devices connecting to the network. The device discovery agent is responsible for collecting, probing or scanning the network to discover managed/unmanaged devices.

The device discovery agent allows user to discover:

  • OT devices (PLC, HMI)
  • Enterprise endpoint (SCADA, server)
  • Network devices (router, switch)
  • IT devices (computer, laptop, mobile, printer, camera…)

There are 3 modes for Neuralyzer discovery: basic active, smart active and passive scanning.

Active Scanning

The active scanning basically will discover what device is connecting to the network. The active scanning will provide some basic device information as below:

IP: IPv4 address of device.

MAC: MAC address of device.

Name: Name of device (Device type + Brand)

COC: Country of Origin of NICs.

Type/Sub-type: type of device.

Status: current status of device (active/inactive).

Onboarded time of device.

Smart Active Scanning

User can enable smart active scanning for specific device type in the Device Type setting.

Smart active scanning will provide more detail information about the device:

  • Hardware model
  • Hardware version
  • Hardware CPU
  • OS - device operating system
  • OS version
  • Open port and protocol.
  • Open port and protocol.

Note: This is the list of opening port that device is listening and services is being used to communicate to device.

Passive Scanning

User can enable passive scanning in Scanning Setting.

On this scanning mode, Neuralyzer will listen traffic send from switch to collect network data. So Neuralyzer will simply listen data from every network traffic that is sent by the switch.

The passive scanning will provide more detail information about the device and Neuralyzer always capture LLDP package (used for OT communication), analyze it and collect the device information continuously.

  • Hardware model
  • Hardware version
  • Hardware CPU
  • OS version

The passive scanning mode will also discover the connection, protocols and services that devices is communicating.

Note: Please make sure that the switch OS version supports LLDP. For Calalyst 2960, the OS version must be higher 12.2(350)

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
On This Page
Discovery - FingerprintingActive ScanningSmart Active ScanningPassive Scanning