Environment
LDMS 9.x
Question
How do I verify my UDD results are accurate and working correctly?
Configure your UDD settings (in this case I am using the default settings)
Be sure to note the specific options because each option will change the way the scan will work.
Run ProcessExplorer while your UDD task is ran from the LDMS management console and look for the nmap.exe task.
Double click to open the nmap.exe task to see additional properties like the nmap command that was launched.
In this example see how nmap was launched;
"C:\Program Files (x86)\LANDesk\ManagementSuite\nmap\nmap.exe" -v -PN -T4 -sS -F -O --script smb-os-discovery.nse --osscan-guess -iL "C:\Users\Administrator\AppData\Local\Temp\0ul6hdmp.scanlist" -oX "C:\Users\Administrator\AppData\Local\Temp\0ul6hdmp.xml"
Notice that the command points to a Temp folder on my core for writing the outputs of these scans;
Explanation of these files
The *.scanlist file has a list of IP addresses that were scanned
The *.xml file will be created and then updated with the correct results while the UDD task is running. After the task is complete you can analyze to see the results.
The *.tmp file does not have any data in it so you don't need to worry about it
Comparing the results from the Core to running nmap manually. This will help prove or disprove an issue with the core or nmap.
Take the nmap command that the core used, and run it through a command prompt:
NOTE -- You will want to rename or backup the *.xml file in the Temp directory prior to running this manually. If you don't then it will be overwritten. Notice for my test I renamed 0u16hdmp.xml to 0u16hdmp1.xml.
What difference if any do you see between the output files from the core VS running from CMD?
To learn more about nmap: http://nmap.org/
To learn more about OS Fingerprinting:
NMAP - OS Fingerprinting Ports Used in LANDesk 9 SP2
Note that if you DO NOT use OS Fingerprinting then LDMS does NOT use nmap. Instead we will do a ICMP ping sweep and use NetBios to find the host name.
