Unmanaged Asset Scan reporting entry for ever IP

(imported topic written by SystemAdmin)


I remember in past when a scan was sent - only devices that were alive and responded would display in Unmanaged Assets. Now when we scan - an entry for every IP is displayed in the console - even if IP is not in use. If one subnet is scanned - we get 255 entries. Is that the normal output now for a scan (did that change with last NMAP update(s))? Have tried it both using scan points and the direct “Scan Now” default task. Thanks!


(imported comment written by JackCoates91)

Hi Mike,

no, that is not normal. Has anything else changed in the environment?

(imported comment written by BenKus)

I found this in one of our support cases in an issue that sounds very similar:

"In my case there are 230 machines showing up as “n/a” that shouldn’t be showing up at all. The problem here that is causing the odd behavior is that there is a one to one NAT in the router even for machines that aren’t actually there. My expection is that the router is then responding to the physical address request (arp) and then when it pings or tries a scan nmap reports it as down because it was theoretically up via the ARP but then couldn’t be scanned. "

Is it possible that your networking equipment is responding to an ICMP/ARP request for each IP (even if no device is using the IP)?


(imported comment written by cstoneba)

I am seening this as well (all IPs reporting). It seems to have happened only since the most recent nmap upgrade (to v5.20). Can anyone else confirm that?

(imported comment written by SystemAdmin)

We are a flat network - no NATs - and the core does not respond to any scan requests. If I use other tools to scan a subnet only the devices alive respond.

We are up on the latest version 5.20 - and this oddity only seems to be since then. Prior to that update - our scans came back with only alive IPs and non BES systems. Now we also get back all registered BES systems in unmanaged assests.

Open a support case? :slight_smile:


(imported comment written by SystemAdmin)

Something tells me we had to remove and re-install the “BES NMAP Unmanaged Asset Importer” service and / or redeploy the scan actions and this went away. It’s been a few months though and my memory isn’t the best.

(imported comment written by SystemAdmin)

Should I try a remove and re-install as a first resolution attempt?

(imported comment written by BenKus)

Hey Mike,

That would be good to try… Perhaps you have an old importer…


(imported comment written by kevin_friedheim)

NMap 5.20 has instituted new behavior with the verbosity of its XML output. It now displays down hosts. The current BES Unmanaged Asset Importer tool does not handle these down hosts gracefully and displays them in the console. We will provide an upgrade to the Importer tool soon that will resolve this issue.

Sorry for any inconvenience this may have caused.