Discover Your Network with Cloudamize Network Scanner

Owned by Dave Laing
Last updated: Oct 28, 2024
5 min read

Overview

The Cloudamize Network Scanner is a wrapper for the open source tool “nmap”. Our wrapper will run the tool, process the data, and send it back to the Cloudamize data collection servers. The tool must be downloaded prior to use: Nmap: the Network Mapper - Free Security Scanner and is not packaged with the Cloudamize Network Scanner wrapper. Please refer to nmap documentation for any queries regarding its usage.

The Cloudamize Network Scanner works with any of our supported Cloud Service Providers.

Usage

The data collected by the Network Scanner can be used in the following ways:

  1. To identify Windows and Linux servers that are not included in the Cloudamize assessment, and check off in real-time which servers are connected to Cloudamize using the Network Discovery tab (see below).

  2. To identify NAS and SAN devices. NetApp devices can also be identified so they can potentially be added to an Agentless Data Collector to gather data.

  3. To identify other servers (Unix systems, mainframes, etc.) which will be identifiable in the Migration Planner to assist with potential refactoring.

Requirements

The nmap tool is run from a Linux server. Its documentation can be found here.

We recommend running the wrapper and tool on a dev, utility, or otherwise disposable (non-production) server.

The server should have internal firewall visibility to as much of your network as you wish to scan for discovery and external firewall access based on the endpoint of your assessment:

  • US: am.cloudamize.com

  • EU: am-de.cloudamize.com

  • UAE: am-ae.cloudamize.com

The nmap tool requires root access. You must either run the network scanner with the root account, with sudo, or allow password-less sudo access to run nmap.

Downloading

You can download the network scanner as a binary distribution or wheel distribution.

Installing

You must install nmap and either the binary or wheel wrapper. The Network Scanner can be used in a Docker environment. We recommend a recent OS for newer versions of nmap with potentially better OS mapping.

Nmap

# For Ubuntu/Debian apt-get install nmap # For Red Hat yum install nmap

Binary

gunzip netscan.gz chmod +x netscan

Wheel

tar xzf netscanner-py3-none-any.whl.tgz pip3 install netscanner*.whl

Running the Network Scanner

The utility may have an unpredictable impact on your network - it is designed to back off if it starts to overload the network, but there are always risks. The utility can be passed the --slow or --fast flag to adjust the speed setting given to nmap.

Depending on the size of the network, the scanner may take a long time to run, and there is no resume functionality should it be interrupted. It is important that the machine scanning stays on.

The scanner will function best if you give it a reasonable range to scan. Targets are specified in CIDR notation, for example, 192.168.1.1/24 for a network with subnet mask 255.255.255.0. Multiple ranges can be specified by separating them, each with a comma.

A typical run of the network scanner may look like:

Viewing the Results: The Network Discovery Tab

Once the tool has completed its run and uploaded the data to the Cloudamize portal, you can view the results on the Network Discovery tab in the Inventory Settings page of the portal.

image-20241022-154430.png
Network Discovery Tab, Prior to Data Upload
image-20241024-162929.png
Network Discovery Tab, After Data Upload

On this tab, you can view all discovered network devices and any related details that have been discovered, labeled by column. The results are searchable using the search box to the top-left.

The “Included in Assessment” column identifies any servers that are connected to the portal by a Cloudamize data collector - Agent, Agentless, Hypervisor or vCenter connection are all valid connections. Using this, you can identify servers that aren’t currently included in the assessment and quickly be able to add them if desired, for example by adding their IP address to an existing Agentless Data Collector.

Support

The Network Scanner wrapper is provided as-is. Cloudamize can offer assistance configuring the command line for the tool, but cannot offer support for the nmap tool itself.

If you have any queries, please contact the helpdesk.