Kaspersky Security Center 14

IP range polling

February 26, 2024

ID 166184

Expand all | Collapse all

Initially, Kaspersky Security Center gets IP ranges for polling from the network settings of the device on which it is installed. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center polls all addresses from 192.168.0.1 to 192.168.0.254.

It is not recommended to use IP range polling if you use Windows network polling and/or Active Directory polling.

Kaspersky Security Center can poll IP ranges by reverse DNS lookup or by using the NBNS protocol:

  • Reverse DNS lookup

    Kaspersky Security Center attempts to perform reverse name resolution for every IP address from the specified range to a DNS name using standard DNS requests. If this operation succeeds, the server sends an ICMP ECHO REQUEST (the same as the ping command) to the received name. If the device responds, the information about it is added to the Kaspersky Security Center database. The reverse name resolution is necessary to exclude the network devices that can have an IP address but are not computers, for example, network printers or routers.

    This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. In the networks where Active Directory is used, such a zone is maintained automatically. But in these networks, IP subnet polling does not provide more information than Active Directory polling. Moreover, administrators of small networks often do not configure the reverse lookup zone because it is not necessary for the work of many network services. For these reasons, IP subnet polling is disabled by default.

  • NBNS protocol

    If the reverse name resolution is not possible in your network for some reason, Kaspersky Security Center uses the NBNS protocol to poll the IP ranges. If a request to an IP address returns a NetBIOS name, the information about this device is added to the Kaspersky Security Center database.

Before you start network polling, make sure that the SMB protocol is enabled. Otherwise, Kaspersky Security Center cannot discover devices in the polled network. To enable the SMB protocol, follow the instructions for your operating system.

Viewing and modifying the settings for IP range polling

To view and modify the properties of IP range polling:

  1. In the main menu, go to Discovery & deployment → DiscoveryIP ranges.
  2. Click the Properties button.

    The IP polling properties window opens.

  3. Enable or disable IP polling by using the Allow polling toggle button.
  4. Configure the poll schedule. By default, IP polling runs every 420 minutes (seven hours).

    When specifying the polling interval, make sure that this setting does not exceed the value of the IP address lifetime parameter. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.

    Polling schedule options:

    • Every N days
    • Every N minutes
    • By days of week
    • Every month on specified days of selected weeks
    • Run missed tasks
  5. Click the Save button.

The properties are saved and applied to all IP ranges.

Running the poll manually

To run the poll immediately,

click Start poll.

See also:

Scenario: Discovering networked devices

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.