Data Loss Prevention

 View Only

  • 1.  Vontu > Network Discover > TCP ports needed

    Posted Feb 22, 2012 01:03 PM

    Hi, I've been troubleshooting an issue where it seems to be related to connectivity, as per the admin manual it says Network discover needs TCP/8090 to be allowed from and to the destination server to be scanned: 

    What connectivity needs to be in place in order to perform a Network Discover Filesystem Scan?

    Source: Network Discover
    Destination: Windows Server with File System agent installed
    Port: TCP/8090 (default)

     

    However by looking at the traffic I see a lot of packets being sent from the Network Discover to the Windows server at random ports such as , TCP/1308,1314,1316,1318,1319, etc

    a) So what ports need to be open in order to make this work? and

    b) Once I've run the FileSystem, it wont work a second time, in the same server, is there any setting i need to turn on to make this work?

     

    ---

    scanner controller:

     

     

    ###########################################################################
    # Connection to the Discover Server                                       #
    ###########################################################################
     
    discover.host = 192.168.1.80
    discover.port = 8090
    discover.compress = true
    discover.retry.interval = 10000
     
    scanner.incremental = false
    scanner.send.endofscanmarker = true
     
    ###########################################################################
    # Advanced Settings                                                       #
    ###########################################################################
    clean.script = C:\\Archivos de programa\\FileSystemScanner/bin/Clean
     
    outgoing.folder.path = C:\\Archivos de programa\\FileSystemScanner/outgoing
     
    failed.folder.path = C:\\Archivos de programa\\FileSystemScanner/failed
     
    scanner.config.path = C:\\Archivos de programa\\FileSystemScanner/config
    scanner.executable = C:\\Archivos de programa\\FileSystemScanner/scanner/VontuFileSystemScanner.exe
     
    dre.fake.port = 19821
    queue.folder.path = C:\\Archivos de programa\\FileSystemScanner/scanner/outgoing
     
     
     
    ---vontu filesystem scanner---
     
    [Configuration]
    //###########################################################################
    //#   Jobs
    //###########################################################################
    Number=1
    0=Job0
     
    [Job0]
    DirectoryPathCSVs=C:\
    DirectoryCantHaveCSVs=*/temp/*,*/WINDOWS/*,*/windows/*
    DirectoryMustHaveCSVs=
    DirectoryFileMatch=*
     
     
     
    *note it still scanns Windows directory, how can i exclude it?
     
     
     
     
     
     
     

    thanks!

     

     

     

     



  • 2.  RE: Vontu > Network Discover > TCP ports needed
    Best Answer

    Posted Feb 23, 2012 03:29 PM

    Why use the Windows file system scanner at all?  If you have appropriate credentials, why not just mount the file system on that server as a share and use a standard Network Discover scan (i.e. define the target as //mytargetserver/c$)?

    If it's a perceived bandwidth issue, you're going to use about the same amount of bandwidth either way.  Alternatively, if you have Endpoint Discover licensed, use an Endpoint Agent on that server for the explicit purpose of doing file system scans (might require you to deploy an additional Endpoint detection server to manage your server-based agents however).



  • 3.  RE: Vontu > Network Discover > TCP ports needed

    Posted Feb 23, 2012 04:18 PM

    I haven't tried that, Im doing it now, thanks for your suggestion, once completed I'll report back  the results.



  • 4.  RE: Vontu > Network Discover > TCP ports needed

    Posted Mar 19, 2012 11:22 AM

    Hi K0r3

    You can check all the ports to default or make below changes and test

    The ports used below are default ports. The system administrator at the customer site should be consulted to check if any of the ports used has been modified in their environment. 

    NOTE:  Port 8100 is the default port used by all detection servers to communicate with the enforce server.  

     

    try to modify existing port 8090 to TCP port  2049



  • 5.  RE: Vontu > Network Discover > TCP ports needed

    Posted Mar 28, 2012 12:35 AM

    hi Kor3,

    please find the below

     On Windows,

    select Start > Vontu FileSystem Scanner > Vontu FileSystem Scanner Console.


    On UNIX,

    enter the following command:
    /opt/FileSystemScanner/bin/FileSystemScanner_Console

     

    discover.port      8090     The Network Discover port to which the scanner routes data.