Passive Discovery

Admin > Discovery > Discovery Settings > Passive Discovery tab.

Passive Discovery detects all devices on your corporate network. It listens for devices that come online: once an ARP (Address Resolution Protocol) request is detected, it captures the device details on the subnet. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The operating system of the device can be discovered using OS Fingerprinting technology, if enabled for the network.

The results are reported back to the Neurons Platform > Devices.
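The ARP-based detection described above can be illustrated with the following Python example, which is added here and is not Ivanti's code (the product captures traffic with Npcap). It parses raw Ethernet frames, keeps only ARP requests, and records each sender's MAC and IP address for one subnet. The function names, the choice to skip ARP probes and replies, and the sample frames are assumptions constructed for this illustration.

```python
import ipaddress
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def parse_arp_request(frame: bytes):
    """Return (mac, ip) of the sender of an ARP request, or None."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:   # skip one 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    fields = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if fields != (1, 0x0800, 6, 4, 1):               # Ethernet/IPv4, oper 1 = request
        return None
    sha, spa = frame[offset + 8:offset + 14], frame[offset + 14:offset + 18]
    if spa == b"\x00\x00\x00\x00":                   # ARP probe: sender has no IP yet
        return None
    return sha.hex(":"), str(ipaddress.IPv4Address(spa))

def discover(frames, subnet):
    """Map sender MAC -> IP for ARP requests whose sender is inside `subnet`."""
    net, seen = ipaddress.ip_network(subnet), {}
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed and ipaddress.ip_address(parsed[1]) in net:
            seen[parsed[0]] = parsed[1]              # latest IP seen for a MAC wins
    return seen

def _arp(sha, spa, tpa, oper=1, vlan=None):
    """Build a constructed test frame (not captured traffic)."""
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    eth = b"\xff" * 6 + sha + tag + struct.pack("!H", ETH_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + ipaddress.IPv4Address(spa).packed
    return eth + body + b"\x00" * 6 + ipaddress.IPv4Address(tpa).packed

SAMPLE_FRAMES = [  # constructed frames using documentation address ranges
    _arp(bytes.fromhex("020000000001"), "192.0.2.10", "192.0.2.1"),
    _arp(bytes.fromhex("020000000002"), "0.0.0.0", "192.0.2.20"),            # probe
    _arp(bytes.fromhex("020000000003"), "192.0.2.30", "192.0.2.1", vlan=10),  # tagged
    _arp(bytes.fromhex("020000000004"), "192.0.2.40", "192.0.2.1", oper=2),   # reply
    _arp(bytes.fromhex("020000000005"), "198.51.100.5", "192.0.2.1"),         # other subnet
    b"\x00" * 10,                                                             # truncated
]

if __name__ == "__main__":
    print(discover(SAMPLE_FRAMES, "192.0.2.0/24"))
```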

The Ivanti Neurons Agent must successfully check-in before these settings, or any changes you have made, will take effect.

Detect devices as they connect to the network: Select to enable passive discovery to listen for network traffic on the subnet to detect any connecting devices.
A device must be nominated to enable the Self-election process which runs in the background.

  • Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.
  • Device IP: Enter the IP address of the device.

The device is validated by pinging the device name and confirming that it matches the IP address.

OS Detection: Enabled by default. Allows discovery to attempt to detect the OS and type of device being discovered. If disabled, it will prohibit OS and device type details from being detected for discovered devices.

OS Detection scans are done in batches of 5 simultaneously.

Important: OS Detection may generate false positives and trigger Intrusion Detection Systems (IDS) due to how the technology scans remote devices by sending TCP/UDP and ICMP probes to attempt to determine the operating system.

Reverse DNS Lookup: Select to perform a DNS lookup against the IP address if a NetBIOS lookup fails.

Deployment Representatives only: Select to only run passive discovery and OS detection from deployment representatives. Default setting is Off.
An increased volume of network traffic caused by OS detection can trigger internal security issues. This setting limits the traffic to only those devices that are dedicated deployment representatives. Security software can then be configured to allow these devices to perform scanning.

Ivanti Neurons Discovery uses Npcap for ARP detection and Nmap for OS detection, both of which require Admin permissions. If you select Deployment Representatives only, devices that are not deployment representatives will not have Npcap or Nmap installed.

When installing or uninstalling the Npcap driver in the network stack, there will be a brief interruption to network connectivity. To learn more, see the Ivanti Community Article.

Related topics

Discovery Troubleshooting