Network neighborhood in detail

General 

Network Neighborhood lets you view all the machines that have communicated with the selected server agent over the last 30 days. This data is collected passively by reading the agent's ARP cache every second. The polling interval depends on the type of data collected (OS: 24h, NetBIOS: 20min, IP: 1s). Detected changes are sent in near real time; unmodified neighbors are re-sent every 24 hours.

 

MAC  

Each machine is identified by its MAC address. When a new MAC entry is detected for the first time, it is sent back to the dashboard almost in real time. A new alert is also available in the Heartbeat portion of the "Alert" page so that you can be alerted when a new item is detected. 

 

MAC vendor 

The data in the manufacturer column is derived from the MAC address. 

  

Local IP 

The displayed IP is the local IP on the network. This data is updated every second. 

 

Windows detected 

Operating system detection is only an indication, based on the TTL of the ping reply. Only Windows can be clearly identified, and only if its ping TTL has been left at the default value on the machine.

OS detection runs when the neighbor is discovered, then every 24 hours.
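The TTL check described above, as an added example (not RG's own code). It assumes the stock Windows initial TTL of 128 and uses constructed ping output. Because ARP neighbors sit on the same segment, no router has decremented the TTL, so only an exact match counts.

```python
import re

WINDOWS_DEFAULT_TTL = 128  # assumption added here: stock Windows initial TTL

# Matches Windows ("Reply from IP: ... TTL=128") and Linux
# ("64 bytes from IP: ... ttl=64") echo-reply lines.
REPLY_RE = re.compile(
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?ttl=(?P<ttl>\d+)", re.I
)

# Constructed sample output, not captured from a real network.
SAMPLE = """\
Reply from 192.168.1.20: bytes=32 time<1ms TTL=128
Reply from 192.168.1.20: bytes=32 time<1ms TTL=128
64 bytes from 192.168.1.30: icmp_seq=1 ttl=64 time=0.412 ms
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Request timed out.
"""


def detect_os(ping_output: str) -> dict:
    """Map each replying IP to 'windows' or 'unknown' from its reply TTLs."""
    seen = {}
    for match in REPLY_RE.finditer(ping_output):
        seen.setdefault(match.group("ip"), set()).add(int(match.group("ttl")))

    verdicts = {}
    for ip, ttls in seen.items():
        # 64 and 255 are shared by many unrelated stacks, so they prove nothing.
        # Mixed TTLs for one IP are treated as inconclusive as well.
        verdicts[ip] = "windows" if ttls == {WINDOWS_DEFAULT_TTL} else "unknown"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in detect_os(SAMPLE).items():
        print(ip, verdict)
```

A Windows host whose default TTL was changed is reported as unknown, and any host configured to answer with 128 is reported as Windows, which is why the result is an indication and not proof.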

 

Ports opening and necessary services 

For the agent to detect the operating system of neighboring machines, the following must be allowed:

  • On the inquirer agent: File and Printer Sharing (echo request - ICMPv4-In)
  • On the detected neighbor: File and Printer Sharing (echo request - ICMPv4-Out)

 

ALERTING 

It is possible to configure a new alert when a new neighbor is detected. The "New neighbor detected" alert is available in the Heartbeat section of the Configuration / Alert page. You can associate it with an advanced expression in order to filter precisely which neighbor characteristics trigger the alert. The filterable fields match the columns of the "Network neighborhood" page. This data is accessible from the "event" object.

 

The available fields are:

ip, mac, netbios, updatedAt, createdAt, macVendor, detectedOs, hasCorrespondingAgent

Example: I only want to be alerted for HP vendor neighbors with Windows as detected OS: 

 event.macVendor == 'HP' and event.detectedOs == 'windows'

 

 WAKE ON LAN 

It is possible to send a Wake On Lan magic packet to a network neighbor. Each packet is crafted specifically for the targeted neighbor. To do this, click the On / Off action button, or select several agents and then click the Wake On Lan button at the top of the page.

 

DEPLOYMENT OF AGENTS 

It is only possible to deploy the RG agent from a well-configured Windows-type server agent (WMI-Out and DCOM-Out firewall open). 

 

If you only have a workstation-type agent, you can promote it to a Server agent to take advantage of this feature.

 

The RG Windows agent will be downloaded from the RG cloud. The size of the RG agent remains stable over time, at around 10 megabytes.

 

Prerequisites for the proper functioning of the agent deployment on a neighboring machine: 

- The target machines must run at least Windows 7 / Windows Server 2008 R2 (PowerShell 2.0 compatibility); 

- The WMI Remote service must be activated on the target machine; 

- Windows must be installed on the C: disk of the target machine; 

- The firewall must accept WMI-In and DCOM-In connections 

 

In order to deploy the RG agent, an Active Directory domain controller must be present in the network of the target machine. If this is not the case, a local account can be used under one of the following conditions:

- Either UAC is disabled on the target machines and local administrator credentials are used;

- Or the default Windows Administrator account is used without disabling UAC.

 

For more detail on the necessary WMI configuration, you can refer to this tutorial: https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with-vista

 

Cases of errors

Help with resolving agent deployment errors: 

 

Connection failed (credentials or network) 

The deployment agent failed to contact the remote machine. The causes of this error can be:

- the neighbor no longer exists or is not present in the network; 

- the neighboring machine is switched off; 

- network problem; 

- the machine is not configured correctly (see previous paragraph); 

- the credentials provided do not allow authentication to the remote machine.

 

Already installed 

   - The RG-Supervision service already exists on the target machine. 

 

 

Download and extract failed 

  • The RG installation zip could not be downloaded from https://dashboard.rg-supervision.com/download/rgsupv-win.zip (the URL differs for dedicated infrastructures): the server cannot be reached.
  • Confirm by trying to download it from a web browser on the remote machine, then contact support;
  • Check and confirm that the C:\Windows\Temp folder exists;
    • Check in C:\Windows\Temp that the rgsupv-win.zip file exists. If so, the download worked. Then check the extraction;
    • Check in C:\Windows\Temp that RG-Setup.exe, Tools and rgsupv_XXXXXX.txt exist: if so, the extraction worked.

 

Register failed 

 

  • Registration with our servers did not work. Please try to run a network test via the RG agent interface from the deployer agent: C:\Windows\Temp\RG-Setup.exe;
  • If the deployment is done on an on-premise infrastructure, please check that the deployment agent has the registry key "expected-host-name" in (HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\RG Systemes\RG Supervision\network) set to the correct value. If not, please fill it in and restart the deployment.