Port probes

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Port probes

    Port probes in ServiceNow Discovery, executed by the Shazzam probe, detect protocol activity on open ports of network devices. When a port probe identifies a protocol in use, the Shazzam sensor determines which classification probe to launch based on the port probe record. This process enables accurate device classification by sequentially attempting protocols in a prioritized order.

    Show full answer Show less

    Key Features

    • Protocol Prioritization: The base system prioritizes common protocols in this order: 1 - WMI, 2 - SSH, 3 - SNMP, 4 - HTTP. For example, if WMI succeeds, subsequent probes are skipped, optimizing discovery efficiency.
    • Port Probe Configuration: Accessible via Discovery Definition > Port Probes, the Port Probe form allows you to define multiple classification probes linked to a port probe. This setup ensures if one classification fails, others can still run, enhancing discovery performance.
    • Port Probe Form Fields: Includes key settings like Name, Description, Scanner type (protocol-specific or generic), Activation status for Configuration Items (CIs) and IPs, Services triggering the probe, Classification target table, Priority order, Supplementary launches after higher-priority successes, Conditional execution based on open ports, and custom scripts.
    • Conditional Probes: These run only if non-conditional probes detect open ports. They focus on resolving Windows and DNS device names, consuming additional resources only when needed.
    • Shazzam Probe Role: Performs initial port scanning across specified IP ranges to identify active devices and protocols. It supports JSON encoding for payloads to optimize network traffic when scanning large IP ranges.

    Practical Implications for ServiceNow Customers

    • By understanding and configuring port probes, customers can control how Discovery identifies device protocols, helping ensure accurate and efficient device classification.
    • Adjusting probe priorities and adding multiple classification probes to a port probe can improve discovery reliability, especially in environments where devices support multiple protocols.
    • Configuring conditional port probes allows for resource-efficient discovery by limiting certain probes to relevant devices only.
    • Optimizing Shazzam probe settings, including enabling JSON payload encoding, helps manage network load during large-scale discovery operations.

    Port probes are used in Discovery by the Shazzam probe to detect protocol activity on open ports on devices it encounters.

    When a port probe encounters a protocol in use, the Shazzam sensor checks the port probe record to determine which classification probe to launch. The common protocols WMI, SSH, SNMP, and HTTP in the base system have priority numbers that control the order in which they are launched.

    The priority is as follows:

    • 1 - WMI
    • 2 - SSH
    • 3 - SNMP
    • 4 - HTTP

    In the base system, the WMI probe is always launched first, and if it is successful on a device, no other port probes are launched for that device. If the WMI probe is not successful, then the SSH probe is launched to gather information on the device. If it is not successful, the SNMP probe is launched. This method allows Discovery to classify a device correctly if the device is running more than one protocol (for example, SSH, SNMP, and HTTP).

    Discovery Port Probe form

    To access the Port Probe form, navigate to Discovery Definition > Port Probes.

    To add multiple classification probes to a port probe, create a link between the port probe and the actual classification probe itself. See the bottom of the form to add additional Trigger probes. That way, if one classification fails, it does not affect the others, thus Discovery performance may be enhanced.
    Discovery port probe form
    The Port Probe form provides the following fields:
    Table 1. Port probes
    Field Input Value
    Name Simple name for the port probe that reflects its function (for example, SNMP).
    Description Definition of the acronym for the protocol. (For example, SSH is Secure Shell login).
    Scanner Shazzam techniques for exploring a port. Some of these are protocol-specific, and others are generic. For example, a WMI port probe uses a Scanner value of Generic TCP, and the SNMP port probe uses a value of SNMP.
    Active Indicates whether this port probe is active or inactive.
    CIs Indicates whether this port probe is active or inactive for discovering Configuration Items.
    IPs Indicates whether this port probe is active or inactive for discovering IP addresses.
    Triggered by services Indicates which services define the port usage. Use this setting to define non-standard port usage and pair the port number with the protocol.
    Use classification Names the appropriate classification table, based on the protocol being explored.
    Classification priority

    Establishes the priority in which this port probe runs. If the first port probe fails, then the next probe runs on the device, and so forth, until the correct data is returned. This allows for the proper classification of a device that has two running protocols, such as SSH and SNMP. The default priorities for the Discovery protocols are:

    • 1 - WMI
    • 2 - SSH
    • 3 - SNMP
    • 4 - HTTP
    Supplementary Launches supplementary classifications after a higher-priority identification succeeds, in order of priority.
    Conditional

    Runs this port probe if any one of the non-conditional probes returns an open port. The conditional port probes in the base system attempt to resolve the names of Windows devices and DNS names. These ports probes take additional resources and are not used unless activity is detected on open ports.
    Script Script to run.