IP range polling

Expand all | Collapse all

Kaspersky Security Center attempts to perform reverse name resolution for every address from the specified range to a DNS name using standard DNS requests. If this operation succeeds, the server sends an ICMP ECHO REQUEST (the same as the ping command) to the received name. If the device responds, the information about it is added to the Kaspersky Security Center database. The reverse name resolution is necessary to exclude the network devices that can have an IP address but are not computers, for example, network printers or routers.

This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. If this zone is not configured, IP subnet polling will yield no results. In the networks where Active Directory is used, such a zone is maintained automatically. But in these networks, IP subnet polling does not provide more information than Active Directory polling. Moreover, administrators of small networks often do not configure the reverse lookup zone because it is not necessary for the work of many network services. For these reasons, IP subnet polling is disabled by default.

Initially, Kaspersky Security Center gets IP ranges for polling from the network settings of the device on which it is installed. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center polls all addresses from 192.168.0.1 to 192.168.0.254.

It is not recommended to use IP range polling if you use Windows network polling and/or Active Directory polling.

Viewing and modifying the settings for IP range polling

To view and modify the properties of IP range polling:

  1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERYIP RANGES.
  2. Click the Properties button.

    The IP polling properties window opens.

  3. Enable or disable IP polling by using the Allow polling toggle button.
  4. Configure the poll schedule. By default, IP polling runs every 420 minutes (seven hours).

    When specifying the polling interval, make sure that this setting does not exceed the value of the IP address lifetime parameter. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.

    Polling schedule options:

    • Every N days
    • Every N minutes
    • By days of week
    • Every month on specified days of selected weeks
    • Run missed tasks
  5. Click the Save button.

The properties are saved and applied to all IP ranges.

Running the poll manually

To run the poll immediately,

click Start poll.

See also:

Scenario: Discovering networked devices

Page top