feat: add soft scan mode (slow ICMP) to avoid switch/AP rate-limiting

Reduces ICMP concurrency from 100 to 10 workers when soft_scan=true, spreading out probes to avoid rate-limiting on managed switches and APs. The option is hidden in the UI when TCP check is active (redundant).

Update README (en/fr/es), docs/backend.md with the new scan modes table and a troubleshooting entry for ICMP rate-limiting.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@@ -429,13 +429,24 @@ npm run dev # Vite dev server on :5173, proxies /api/ to :8000
**Cause** — Some network equipment (notably UniFi Security Gateway, Dream Machine, and similar devices) enables proxy-ARP and responds to ICMP pings for **every** IP in the subnet, spoofing the source IP of the reply. The built-in source-IP check in the scanner cannot filter these false positives.
**Fix** — Enable the **"TCP check (anti proxy-ARP)"** option in the scan configuration screen. This option probes each host on TCP ports 22, 80, 443, 8080, and 8443 after the ICMP ping:
**Fix** — Enable the **"TCP check (anti proxy-ARP)"** option in the scan configuration screen. This option uses TCP instead of ICMP to detect live hosts (ports 22, 80, 443, 8080, 8443):
- A **real host** replies with RST (port closed) or accepts the connection → marked alive.
- A **ghost IP**: the gateway silently drops the SYN without replying → timeout → discarded.
> **Note**: a device whose firewall silently drops (*DROP*, without RST) **all** probed ports will not be discovered automatically and must be added manually.
### Some devices are missing from the scan (ICMP rate-limiting)
**Symptom** — A few hosts (APs, switches, IoT devices) respond to a direct ping but are not found during a full subnet scan.
**Cause** — When 100 concurrent ICMP workers flood a `/24`, some devices or managed switches rate-limit ICMP responses. The device drops the probe during the scan even though a single ping works fine.
**Fix** — Two options:
- Enable **"Soft scan (slow ICMP)"**: reduces concurrency from 100 to 10 workers. The scan takes longer but ICMP probes are spread out, avoiding rate-limiting. Best for subnets without proxy-ARP.
- Enable **"TCP check (anti proxy-ARP)"**: bypasses ICMP entirely. TCP probes are not subject to the same rate-limiting. Best when both proxy-ARP and rate-limiting are present.
---
## 🏗️ Architecture
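
Review bot: The new "Fix — Two options" list under "Some devices are missing from the scan (ICMP rate-limiting)" presents "Soft scan (slow ICMP)" and "TCP check (anti proxy-ARP)" as independent toggles, but the commit message says the soft scan option is hidden in the UI when TCP check is active. Add one sentence to the soft scan bullet saying it only appears while TCP check is off, otherwise a reader who already enabled TCP check for proxy-ARP will look for a toggle that is not there. Separately, the hunk carries two wordings of the TCP check Fix line ("after the ICMP ping" and "uses TCP instead of ICMP"), which reads as a change in documented behaviour that the commit message does not mention; if TCP now replaces ICMP, the existing Note about firewalls that DROP all probed ports applies to more hosts (anything that answers ping but none of 22, 80, 443, 8080, 8443), and that trade-off deserves a line in the rate-limiting section where TCP check is recommended. The worker counts 100 and 10 are also hard-coded in the prose; consider pointing to the scan modes table in docs/backend.md so the numbers live in one place.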