Under the hood with Asset Discovery in Track-It!

Version 1
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Track-It!


    COMPONENT:

    Track-It!


    APPLIES TO:

    Track-It!



    PROBLEM:

    In depth detailed information regarding how Asset Discovery works in Track-It!.


    SOLUTION:

    Network Domain Scan

      When executing the Network Domain Scan criteria a Windows API, referred to as WNetAPI, is used. This API is indirectly linked to the Computer Browser service, which maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, the list will not be updated or maintained locally but the API will still be able to pull a list from the network. When using WNet functions to browse Windows network resources, the functions resolve, via the NTLM API (NETAPI32.DLL), to the NTLM service DLL Browser.dll. Browser.dll uses an internal API to work with the kernel mode NTLM datagram receiver to carry out the requested resource browsing functions. From this point the Winsock Control (Winsock API) is called and tries to intelligently resolve names. There is an API set for Windows Sockets that can work with TCP/IP and help to return information such as the HostName or the IP Address of a machine. This is obviously reliant on the presence of the relevant DNS or WINS servers and the TCP/IP protocol being installed. The specific API called of the Winsock API specification is GetHostByName API. From the SendArp call, whose only purpose is to send an ARP request to obtain the physical address, the specified destination IP address is queried to populate the Media Access Control (MAC) address field. If a MAC address is not resolved it is because the Discovery was unsuccessful in obtaining an ARP reply for the remote address. Even though an IP address may be present, it is only an attribute of a name server maintaining an old record for the hostname maintained by the browser service. 

      IP Address Scan w/SNMP  
        When executing the IP address scan criteria a single IP address and/or range of IP addresses can be specified. When an IP range (starting & ending) is specified the Network ID is filtered from the starting and ending range. Then all possible Host ID�s within the given range are parsed for the existence of an active object. The object is active if it responds to a PING request. Multiple probes are sent out simultaneously to gather data. As these probes report back, more are sent out until the range is entirely parsed. As the probes are sent out they are tagged with SNMP community name strings, which jointly parse for description information. The description information is used to primarily identify the type of object. The default SNMP community name is �public� and more than one may be specified. SNMP is only used with the IP address scan criteria. More than one range can be specified for extensibility purposes as well. The IP addresses are then resolved via WINS or DNS. A DNS FQDN (Fully Qualified Domain Name) is only returned if it is unable to resolve via WINS. Finally if a resolution server can not be queried, the SNMP SysName is retrieved if one is present. For all intents and purposes it should be noted that this algorithm was directly extracted from Network Monitor. 

        Domain OU Scan  
          When executing an OU scan the Active Directory Services Interface (ADSI) is used to first query for a list of Organizational Units within the chosen domain. A query to return the list of computers in that OU is then run. From this point the Winsock Control (Winsock API) is called and tries to intelligently resolve names. There is an API set for Windows Sockets that can work with TCP/IP to help return information such as the HostName or the IP address of a machine. This is obviously reliant on the presence of the relevant DNS or WINS servers and the TCP/IP protocol being installed. The specific Winsock API called is GetHostByName API. The SendArp call, whose only purpose is send an ARP request to obtain the physical address of the specified IP address, populates the Media Access Control (MAC) address field. If a MAC address is not resolved it is because the discovery was unsuccessful in obtaining an ARP reply for the remote address. Even though an IP address may be present it is only an attribute of a name server maintaining an old record for the hostname that is maintained by the Browser service. 

            

           


          Article Number:

          000008865


          Article Type:

          Solutions to a Product Problem



            Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles