Frequently Asked Questions

Solutions to some common Rumble issues. Still can’t find your answer? Let us know.

Why are there so many identical assets in my inventory?

Some enterprise routers and firewalls, like Cisco ASA devices, are designed to reply to all unexpected attempts on a particular port with a TCP reset (RST). On top of that, some routers listen to SIP traffic on all addresses and automatically respond to it.

Rumble will generally detect when a router or firewall is replying to every connection attempt and avoid creating assets based on those responses. However, if you have a network appliance that Rumble doesn’t detect is spoofing response, there may be a substantial number of identical assets that will appear in your inventory.

Here are a few workarounds if you can’t prevent your device from replying to all connections:

  • Exclude the ports the device responds to from the scan configuration.
  • Exclude all or part of the router’s IP address range from the scan.
  • Create a post-scan rule to delete any assets within the subnet that have the affected ports open.

These systems will respond to all request on 1720/tcp and often 5060/tcp as well. Rumble tries to automatically detect and avoid most of the SIP helper implementations, but can’t always do so without possibly losing real results. If you neeed help deleting unwanted records, please contact our support team.

How do I run Rumble without crashing my router?

The likely issue is your router is stateful, and it is keeping track of every connection going through it. Since our scanning process involves thousands of attempted connections, your router likely ran out of memory. This usually occurs when a router is using Network Address Translation (NAT) or is acting as a stateful security firewall.

If this happens, here’s what you can do:

  • Check if there is a firmware update for your router.
  • Avoid scanning across wired and WiFi boundaries.
  • Use bridge mode, if possible, for more reliability.
  • Reduce the Max group size in your scan configuration. This limits the number of targets Rumble can scan at once, which correlates to the number of connections the router sees. Default is 4096.
  • Reduce the scan speed. This will give failed connections more time to expire before new ones are attempted.

How do I scan VMware virtual machines without crashing the host?

Rumble can be used to scan VMware virtual machines. However, there are some precautions you should take.

VMnet interfaces normally use Network Address Translation (NAT) to route traffic between the host system and the virtual machines. The VMware software effectively operates as a stateful router. As explained above, this can cause problems when Rumble tries to open thousands of connections.

For scanning VMware systems, the best option is to deploy a Rumble Explorer inside VMware, on a virtual machine connected to the VMnet you want to scan. That explorer should be able to scan all VMs on the same VMnet without VMware needing to track all of the connections.

Why didn’t the Rumble Explorer capture screenshots?

The Rumble Explorer needs a working install of Google Chrome to obtain screenshots. To check for Google Chrome, the explorer looks in the following locations on each OS.

Windows

The Rumble Explorer looks for Chrome on Windows in:

c:\Program Files (x86)\Google\Chrome\Application\chrome.exe

The explorer also checks the following environment variables:

  • ProgramFiles(x86)
  • ProgramFiles
  • ProgramW6432

Each may list another directory, in which case the explorer looks in \Google\Chrome\Application\chrome.exe under each of those directories as well.

To find what the environment variables are set to, open a Windows command prompt and entering the command set.

For a default Windows 10 install, the default value of ProgramFiles and ProgramW6432 is c:\Program Files, which means the explorer also checks the following location:

c:\Program Files\Google\Chrome\Application\chrome.exe

This is the default location for Chrome on a 64 bit Windows 10 system.

MacOS

On macOS, the explorer checks for Google Chrome in the following locations:

  • /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
  • /Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary
  • /Applications/Chromium.app/Contents/MacOS/Chromium

Linux

On Linux systems, the explorer checks for Google Chrome at the following locations:

  • /usr/bin/google-chrome
  • /usr/bin/google-chrome-beta
  • /usr/bin/google-chrome-unstable
  • /usr/local/bin/chrome
  • /usr/bin/chrome
  • /opt/google/chrome/google-chrome
  • /usr/bin/chromium-browser
  • /usr/bin/chromium

Chrome is installed, but screenshots still don’t work

If Google Chrome is installed in one of the standard locations, but isn’t being found, it could be a permissions issue. It is also possible for Chrome to fail to run for other reasons, such as a corrupt Chrome profile. The next thing you can do is download the Rumble Scanner and run a scan to disk, which will write a log file that will have more detail about the scan operation.