IP range polling
Dec 4, 2023
Initially, Kaspersky Security Center gets IP ranges for polling from the network settings of the device on which it is installed. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center polls all addresses from 192.168.0.1 to 192.168.0.254.
It is not recommended to use IP range polling if you use Windows network polling and/or Active Directory polling.
Kaspersky Security Center can poll IP ranges by reverse DNS lookup or by using the NBNS protocol:
- Reverse DNS lookup
Kaspersky Security Center attempts to perform reverse name resolution for every IP address from the specified range to a DNS name using standard DNS requests. If this operation succeeds, the server sends an
ICMP ECHO REQUEST(the same as the ping command) to the received name. If the device responds, the information about it is added to the Kaspersky Security Center database. The reverse name resolution is necessary to exclude the network devices that can have an IP address but are not computers, for example, network printers or routers.
This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. In the networks where Active Directory is used, such a zone is maintained automatically. But in these networks, IP subnet polling does not provide more information than Active Directory polling. Moreover, administrators of small networks often do not configure the reverse lookup zone because it is not necessary for the work of many network services. For these reasons, IP subnet polling is disabled by default.
- NBNS protocol
If the reverse name resolution is not possible in your network for some reason, Kaspersky Security Center uses the NBNS protocol to poll the IP ranges. If a request to an IP address returns a NetBIOS name, the information about this device is added to the Kaspersky Security Center database.
Before you start network polling, make sure that the SMB protocol is enabled. Otherwise, Kaspersky Security Center cannot discover devices in the polled network. To enable the SMB protocol, follow the instructions for your operating system.
Viewing and modifying the settings for IP range polling
To view and modify the properties of IP range polling:
- In the main menu, go to Discovery & deployment → Discovery → IP ranges.
- Click the Properties button.
The IP polling properties window opens.
- Enable or disable IP polling by using the Allow polling toggle button.
- Configure the poll schedule. By default, IP polling runs every 420 minutes (seven hours).
When specifying the polling interval, make sure that this setting does not exceed the value of the IP address lifetime parameter. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.
Polling schedule options:
- Click the Save button.
The properties are saved and applied to all IP ranges.
Running the poll manually
To run the poll immediately,
click Start poll.