Managing explorers

The Rumble Explorer is a lightweight scan engine that enables network and asset discovery. You should have at least one explorer deployed per broadcast domain. After deployment, you can manage your explorers from the Deploy page in your Rumble web console.

Viewing all explorers

For each explorer, you can see:

  • The explorer status (whether it is communicating with Rumble)
  • The OS it is running on
  • Its name
  • Any site it is associated with
  • Its IP addresses
  • The software version it is running
  • Whether the version of npcap installed is up-to-date, if the OS is Windows (see upgrading npcap below)
  • The CPU architecture of the host machine
  • Any tags associated with the explorer
  • The status of its last scan
  • Its capabilities, like Chrome support

Screenshot capabilities

To capture screenshots, Chrome must be installed. You can check if an explorer has screenshot capabilities by looking for the Chrome icon in the Capabilities column.

Here’s what each icon means:

  • Green icon - The explorer has access to a Google Chrome binary and can take screenshots.
  • Red icon - No suitable Chrome binary was found.

Searching for explorers

You can use the search bar to find explorers. The query syntax is similar to other search bars in Rumble, with keywords to filter by specific fields:

Keyword Search by Example
arch: CPU architecture arch:amd64
name: assigned name name:scanner.local
address: IP address address:10.0.1.200
capability: capabilities capability:screenshot or capability:aws
tag: assigned tag tag:dev
npcap_version: npcap version npcap_version:1.31

Explorer actions

Each explorer has a set of action buttons that allow you to:

  • Reinstall an explorer - Performs a reinstall or upgrade of the explorer. The current explorer will download the latest explorer code from Rumble, and then run the install process.
  • Configure an explorer - You can associate the explorer with a specific site, and add tags to it. You can also set the maximum number of concurrent scans allowed – for Professional and Enterprise licenses, a single explorer can be configured to run multiple scan tasks at once.
  • Reassign an explorer - You can reassign an explorer to a different organization within your account or even to a different Rumble client account entirely.
  • Remove an explorer - If the explorer is running, the explorer will be asked to uninstall itself from the host machine. If the explorer is not running, you can still tell Rumble to forget about it. This is useful if you have decommissioned the machine the explorer was running on or uninstalled the explorer manually. If the explorer runs again after Rumble has been told to forget it, it will be readded to the registered explorers list.

Bulk management operations

Bulk operations allow you to perform a set of actions to multiple explorers at one time. Bulk actions are available from the Manage All Explorers menu.

You can bulk:

  • Update all online explorers - Tells all explorers–that are up and communicating with Rumble–to upgrade their software.
  • Forget all offline explorers - Clears all explorers currently offline, and makes Rumble forget them. No data will be lost. If any of the explorers are reactivated, they will be added back to the active list.
  • Uninstall all online explorers - Tells all online explorers to uninstall themselves from their host systems.
  • Automatically assign sites - Runs through all of the explorers that are not currently assigned to a specific site. It checks their IP address against the CIDR IP ranges of the registered subnets of all sites in the current organization. If the explorer’s IP address only matches a single site, the explorer is assigned to that site.

Viewing explorer details

Clicking on an explorer’s name takes you to a page showing the diagnostic information for that explorer, including its software version, available memory, and network interfaces.

At the bottom of the page is a diagnostics text area. Clicking the Update Diagnostics button will fetch an updated list of all sub-processes active within the explorer. This is useful to send to Rumble support if you are having problems with a particular explorer.

Upgrading npcap

On Windows, Rumble uses a licensed third-party library called npcap for access to raw network traffic. Other software installed on the explorer’s host machine may also use npcap, and sometimes will have installed obsolete versions of the software. This can cause reliability problems.

Rumble will alert you to obsolete versions of npcap by displaying a warning icon in the list of explorers.

However, Rumble cannot yet reliably upgrade npcap for you. Rumble can’t automatically upgrade npcap/winpcap, as it tends to be shared between applications, and forcing an upgrade from the Rumble side can break other services (EDRs, Wireshark, etc).

To upgrade npcap manually:

  1. Stop any running Rumble services. This can be done using the Windows Services app. You’ll need to look for “Rumble Network Discovery Explorer”.
  2. Stop any other running software which uses npcap.
  3. Uninstall Winpcap and any npcap installations via the Windows Control Panel.
  4. Reboot the computer.

Rumble will restart automatically, and install the latest npcap.