Network Discovery

Network Device Discovery

Network device discovery is the first step in mapping and monitoring your networked infrastructure.

Topology discovery, the process of discovering and mapping network devices and links, is vital for a network’s efficiency. With the advent of virtualization and mobile computing, current networks change dynamically, and automatic topology discovery is essential for network mapping and network monitoring, identifying bottlenecks and failures, and ensuring optimum network efficiency.

Maintaining an Accurate Network Inventory

Keeping an up-to-date network inventory of hardware and software assets, physical and virtual resources, deployed patches and topology maps is only possible via automatic Layer 2/3 discovery tools. While Layer 3 identifies devices, Layer 2 connectivity is essential for identifying the physical topology between devices.

discovered-devices-list-1024x665 List of discovered devices

Device Discovery Tools

Device discovery tools simplify the process using a variety of discovery protocols to discover and collect information about:

  • Physical assets such as routers, switches, servers, hosts and firewalls
  • Software assets such as applications, operating systems, and services
  • Virtual devices and networks
  • How everything is connected.

A device discovery tool should include both Layer 3 (devices) and Layer 2 discovery (port-to-port connectivity). While Layer 3 uses IP addressing to discover devices with routing and subnet information, Layer 2 discovery is essential to discover the actual physical (port/interface level) connections between devices.

By drilling down to individual switch ports, it is possible to offer a more granular view of the network topology. By combining Layer 3 and Layer 2 discoveries, a network device discovery tool can provide a 360° view of the network, right down to the switch, port, VLAN and MAC information for a given IP address.

Map of discovered devices on a network

Common Discovery Protocols


SNMP is the predominantly used network management protocol, with a majority of network devices being SNMP-enabled. The SNMP manager software, present in the network management solution, uses UDP polling to identify SNMP-enabled devices in the network. This is done by identifying replies sent by the SNMP agent software installed on all SNMP devices. Additionally, using UDP avoids the traffic overload of a full-blown TCP poll, and has minimal impact on network performance. Further queries are sent to these devices to identify them (as a router, switches, hubs, firewalls and so on). Device-related data are stored in SNMP-enabled devices as Object Identifiers (OIDs) – varying as per the device; printers would have data on ink levels and so on; switches would provide port in/port out data; routers might provide forwarding data, NAT table information etc). These OIDs, stored in Management Information Bases (MIBs), are exchanged between SNMP agent software and the manager software for automatic discovery of network devices and their attributes.

Link Layer Discovery Protocol (LLDP)

Link Layer Discovery Protocol (LLDP) is a vendor-neutral one-way protocol, working at Layer 2 to facilitate exchange of device information between directly connected devices. Each LLDP enabled device transmits device information (device type/ID, port ID) on to its directly connected neighbors, which then store this information on management information databases (MIBs). Network management software ideally uses these MIBs to collect device information, moving on from neighbor to neighbor until the entire network topology is mapped out.


Ping is another network discovery tool – by sending ICMP echo queries, and subsequently discovering echo replies, network management software can discover devices on a network responding to ICMP requests.

Active probes

Active probes send out light-weight executables (the “probe” packets) through the network. The probes scan the network, and transmit device-related data back to the discovery tool through a secure communication channel.

Route Analytics

Route Analytics use protocols like OSPF and EIRGP to map networks.

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) maps IP addresses to the corresponding Layer 2 MAC address. By using SNMP to query the ARP cache of a device, the network management software can build its own database of routing and subnet information (Layer 3) as well as interface information (Layer 2) of the device’s neighbors. This process is continued with the neighboring devices until the entire network is discovered.

Automated Layer 2/3 Device Discovery

WhatsUp Gold scans networks in minutes and generates granular, real-time topology maps at both Layer 2 and Layer 3 levels. WhatsUp Gold leverages SNMP Smart Scan, IP Range Scan, WMI, ICMP, SSH, VMware Scan, ARP Cache Discovery and Ping Sweep to discover and monitor everything connected to your network, providing a single end-to-end view of your networked infrastructure.

Monitor Everything in Your Network

Start Your Free Trial of WhatsUp Gold