Ping scan large subnets not working properly
phpipam open-source IP address management
Brought to you by:
myha
Menu
▾
▴
#148 Ping scan large subnets not working properly
Hello,
We are currently evaluating phpIPAM on an Ubuntu 12.04.3 LTS platform. All is working well, except for the following...
We want to do a ping scan of a network with a /16 subnet mask, the result is that according to phpIPAM No alive hosts are found. However, if we use the same network address with a smaller subnet mask (/22 for example) we do find a number of hosts...
Is this a known bug, and if so, can it be fixed?
Best regards,
Coen van den Brink
Discussion
Anonymous
I am also having problems with Pinging subnets. But I am trying to setup a cron job to run the supplied script.
Do you know if you have Threads enabled, requires installing pcntl at the Linux OS level?
Thanks,
Graham
Not sure if it's something about HTTP session timeout ?
Same problem here. I can ping scan networks with mask down to /19 but no less.
pcntl is installed.
I've seen the php page is calling the php script functions/scan/DiscoveryPingScript.php and passing all IPs on the command line. I'm wondering if there could be a limitation in the maximum length of the command line arguments.
I wan't to scan a 10.0.0.0/8 subnet with around 1000 hosts in it. But the script fails with the execute time of php.
Is there a way to run the scan from the command line in a screen or something?
I will change the script in a way that all subnet to be scanned is sent to script and not full list of IP addresses.
The timeout occurs because it checks db against each IP address if it is already in database, which kinda doesn't makes sense. Will modify this also in a way that it fetches all existing IP addresses and than compares against this array.
brm
hi, changed some code to improve error reports, and set ping script to accept subnet as argument, but it still fails on my server.
This is the line causing problems:
// loop and get all IP addresses for ping
for($m=1; $m<=$max;$m++) {
$ip[] = transform2decimal($subnet)+$m;
}
For /8 subnet this loop should happen 2^24, meaning ~16 million of iterations, which cause problems in php. But even if it gets through it will take ~65.000 seconds with 256 threads at once + some overhead :)
Other option is mmap, but this will take long time also, I am just trying the /8 and it will take several minutes (approx 15-20), with timeout set to 0,5s, ping only and 1 retry.
My point for this is that subnets up to /20 can be scanned via gui, for bigger ones it should be invoked via cli, running through mmap and inserting hits to database. In this case 3 arguments should be provided:
- subnet ID
- action (print/insert)
- resolve DNS
I can prepare script if this is ok.
brm
I'm insterested in this use case. Currently scanIPAddressesScript.php works on CLI but returns an integer list of the IPs used/free, it's missing the DNS query and DB insert.
Hi,
To circumvent the problem we finally developped a script that goes fetch the IP addresses and MAC from the ARP tables of the router. It does this via SNMP. It also has the advantage of getting IP addresses of VLANs not visible from the phpipam server. It also has the advantage of being extremely fast, no pings, just a straightforward snmp table read.
It's probably not clean enough to be distributed directly, but if you're interested I can send that script to you. Just tell me how.
Thanks,
Olivier.
Hi Olivier Boudry,
Which version of snmp did you ipmlemented in your script?
It would be great if first release of phpIPAM could work with snmp.
Thanks,
Orkhan.
Orkhan,
It uses http://uk1.php.net/snmprealwalk which seems to use v1. That's not great but can probably be easily replaced by a library that does v1 to v3.
Best regards,
Olivier.
Hi, getting IP addresses from ARP table / MAC address table would work, but additional fields should be provided for SNMP for each device that will be probed than.
Which OID are you using for walk?
snmpwalk -mALL -v2c -ccommunity router1 OID
OIDs:
IpAdEntAddr - returns all configured IP addresses on router/switch
atPhysAddress - MAC:IP (mac address table)
As far as I was able to get info from google for Cisco FW you cannot get ARP table.
Any other useful OID? :)
p.s.:
V 1.0 will be out this week, without SNMP support.
We too are having issue in v1.0 running on Ubuntu 12.04.3 LTS. All of our /23s and higher work fine. but the second we try to add in any of the discovered hosts from our /22, /21, /20, and /19s, they all seem to fail.
They scan fine, they show as discovered, and you can even "Add Discovered Hosts". But then, they don't actually show up in the Visual table, or on the subnet itself.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Hello. Is there any way to configure this to run on a certain number of ping discoveries at a time? I notice it it can have as many as 130 at a time on large networks. I would like to give no more than 10 a a time.
Thanks! Great so far.
'Max scan threads' under administration > server settings.