Option Profile Title Tab Scan Tab  System Authentication Tab Additional Tab

VM Option Profile: Map

The Map tab is where you'll make map settings like which ports and hosts to scan for basic information gathering on hosts during mapping and whether to disable DNS traffic.

Jump to a section below:

Perform Basic Information Gathering on




Perform Basic Information Gathering on

In this section, select the hosts and the ports to scan for basic information gathering during maps. 

You'll see these options:

- All Hosts (hosts detected by the map)

- Registered Hosts only (hosts in your account)

- Netblock Hosts only (hosts added by a user to the netblock for the target domain)

- None

How does it work?

Additional scan tests are launched, which may result in the detection of additional devices, such as routers. We attempt to identify the operating system installed on each host and we scan ports to determine which ports are open. We also send UDP packets to UDP port 1 and a random port for path discovery.

Which hosts are scanned?

This depends on your selection under "Perform Basic Information Gathering on". All Hosts includes every host detected during the mapping process. Registered Hosts includes hosts in your account. Netblock Hosts includes hosts in the netblock for the mapped domain.

Tell me about ports that are always scanned for a map

Ports 80 and 88 are scanned by default even if you clear all port options in the Map and Additional sections of the option profile. The scanner sends a TCP SYN packet (with the port as the destination port) as well as TCP ACK and TCP SYN+ACK packets. So even if you've cleared (unchecked) all ports, you will still see TCP SYN, TCP ACK and TCP SYN+ACK packets for ports 80 and 88.


Perform Live Host Sweep

During a map, we must first determine which hosts are alive. We ping every host within the target domain's netblock using ICMP, TCP and UDP probes. TCP and UDP probes are sent to default ports for common services, such as DNS, TELNET, SMTP, HTTP and SNMP. If these probes trigger at least one response from the host, the host is considered alive and is reported on.

Uncheck (clear) this option to only discover devices using DNS discovery methods (DNS, Reverse DNS and DNS Zone Transfer.) Active probes will not be sent. As a result, we may not be able to detect all hosts in the netblock, and undetected hosts will not be analyzed.

Disable DNS traffic

Check this option if you want to disable DNS traffic for maps. This is valid only when the target domain name includes one or more netblocks, e.g. none:[]. We'll perform network discovery only for the IP addresses in the netblocks. No forward or reverse DNS lookups, DNS zone transfers or DNS guessing/bruteforcing will be made, and DNS information will not be included in map results.


Important - Performance settings should only be customized under special circumstances by users with an in-depth knowledge of the target network and available bandwidth resources.

This section allows you to configure performance settings when mapping domains with netblocks. We'll select the performance level "Normal" initially and this is recommended in most cases. Click Configure to change to another performance level. You can also define a custom level - select Custom for Overall Performance and configure the settings. Want to know more? See map performance settings.  


vCenter authentication for ESX/ESXi host discovery

Select this option to run a map using vCenter authentication to discover ESX/ESXi hosts. You'll need this vCenter map data to scan ESXi hosts using vCenter. vCenter authentication is required. Be sure to set up vCenter authentication records under Scans > Authentication. Learn more

ESX/ESXi authentication for guest discovery

Select this option to run a map using VMware authentication to retrieve a list of virtual guest hosts residing on a VMware server. VMware authentication is required. Be sure to set up VMware authentication records under Scans > Authentication. Learn more