Overview
Data Providers are configured in Discovery Jobs to tell the Scanner which methods to use to scan for devices. Discovery Jobs can have multiple Data Providers configured in order to capture a specific set of anticipated devices. The below table gives a high-level overview of each Data Provider.
* requires authentication
Provider Name |
Used For |
Level of Detail |
Returned Information |
Ping |
All devices |
Basic (Success/Failure) |
Whether something exists at the other end of an IP address |
ARP |
All devices |
MAC addresses |
MAC addresses, only when another protocol is not available |
DNS |
All devices |
Name associated with IP address |
Device name, when name is missing from IP address |
Active Directory (AD)* |
All devices |
Basic |
Basic information used to further interrogate with WMI |
SNMP |
Network-attached devices (e.g., enterprise printers) |
Extensive; varies by manufacturer |
Details of business-class printers and other network devices |
UPnP |
Consumer-class devices |
Limited |
Details of UPnP devices, e.g., media servers, consumer-class printers |
WMI* |
Windows devices |
Extensive |
Details of Windows devices and servers |
SSH* |
Unix/Linux and Mac devices |
Extensive |
Details of Linux and Mac devices and servers |
TDX Windows Discovery Agent |
Windows devices not on your network(s); alternative to enabling WMI |
Extensive |
Details of Windows devices that cannot be located via WMI, e.g., devices used at home |
Data Providers
Ping
The most basic discovery is done by sending a Ping message to a target IP address. A Ping message is intended to measure the round-trip time for a message to reach a destination computer and then relayed back. The only useful information discovered via a Ping message is whether there is a target at the address that was pinged. This can be used to validate IP addresses.
Learn more in our article on the Ping, Active Directory, and ARPDNS data providers.
ARP
The Asset Discovery Scanner can use Address Resolution Protocol (ARP) queries to determine physical (MAC) addresses for known IP addresses. In order to minimize network traffic and for best performance, it will first check the local server’s ARP cache to see if it contains an entry for the given target. If an entry is not in the cache, it will issue an ARP request directly to the target. The Asset Discovery Scanner will only issue ARP queries for those targets for which a physical address could not be otherwise determined. For many targets, the physical address can be determined more efficiently and reliably using a different protocol.
Learn more in our article on the Ping, Active Directory, and ARPDNS data providers.
DNS
When necessary and when Domain Name System (DNS) services are available, the Asset Discovery Scanner will query those name services for a name associated with a given target (IP address). The Asset Discovery Scanner will only issue DNS queries if a name for a given target was not previously discovered via an alternate method.
Learn more in our article on the Ping, Active Directory, and ARPDNS data providers.
Active Directory (AD)
When so configured, the Asset Discovery Scanner will query specified Active Directory (AD) servers for a list of all computers contained in the directory. Only very basic information can be discovered directly from the directory; however, the computers discovered can then be further interrogated using WMI to collect more detailed information.
Learn more in our article on the Ping, Active Directory, and ARPDNS data providers.
SNMP
SNMP is a protocol for collecting information about network-attached devices and controlling those devices. SNMP is widely used for enterprise network management. Examples of SNMP devices include enterprise- or business-class network printers, switches, routers, and servers.
The amount of information that can be discovered from an SNMP-enabled device is extensive, although much of it is non-standard and varies not only by type of device but from manufacturer to manufacturer.
Learn more in our article on the SNMP data provider.
UPnP
UPnP is a set of protocols that allow devices on a network to discover each other. It is intended primarily for consumer-class devices (not enterprise-class) but has been implemented in a wide variety of device types. Some examples of UPnP devices include routers, media devices, consumer-class printers, and smart TVs.
The amount of information that can be discovered from a UPnP-enabled device is somewhat limited but fairly standard, especially within a particular class of device.
Learn more in our article on the UPnP data provider.
WMI
Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems. It provides access to extensive information about hardware and software associated with a Windows system. WMI is disabled by default, and must be enabled on any devices that need to be discovered via WMI. This is typically done via an Active Directory Group Policy.
Learn more in our article on the WMI data provider.
SSH
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The Asset Discovery Scanner uses SSH to remotely execute commands on SSH-capable systems, most notably Unix and Apple machines.
Learn more in our article on the SSH data provider.
TDX Windows Discovery Agent
A separate discovery agent is available for Windows computers and serves as an alternative to using the WMI provider. Machines on which the agent is installed will report discovery information back to the scanner, unsolicited, on a regular basis. In certain organizations, deploying the agent may be easier than the configuration necessary for the WMI provider.
Learn more in our article on the TeamDynamix Windows Discovery Agent.