Frequently Asked Questions

Solutions to some common Rumble issues. Still can’t find your answer? Let us know.

Why are there so many identical assets in my inventory?

Some enterprise routers and firewalls, like Cisco ASA devices, are designed to reply to all unexpected attempts on a particular port with a TCP reset (RST). On top of that, some routers listen to SIP traffic on all addresses and automatically respond to it.

Rumble will generally detect when a router or firewall is replying to every connection attempt and avoid creating assets based on those responses. However, if you have a network appliance that Rumble doesn’t detect is spoofing response, there may be a substantial number of identical assets that will appear in your inventory.

Here are a few workarounds if you can’t prevent your device from replying to all connections:

  • Exclude the ports the device responds to from the scan configuration.
  • Exclude all or part of the router’s IP address range from the scan.
  • Create a post-scan rule to delete any assets within the subnet that have the affected ports open.

These systems will respond to all requests on 1720/tcp and often 5060/tcp as well. Rumble tries to automatically detect and avoid most of the SIP helper implementations, but can’t always do so without possibly losing real results. If you neeed help deleting unwanted records, please contact our support team.

How do I run Rumble without crashing my router?

The likely issue is your router is stateful, and it is keeping track of every connection going through it. Since our scanning process involves thousands of attempted connections, your router likely ran out of available stateful sessions. This usually occurs when a router is using Network Address Translation (NAT) or is acting as a stateful security firewall.

If this happens, here’s what you can do:

  • Avoid scanning across routed networks (wired and WiFi, multiple VLANs, etc) by deploying additional Explorers.
  • Reduce the Max group size in your scan configuration. This limits the number of targets Rumble can scan at once, which correlates to the number of connections the router sees. Default is 4096.
  • Reduce the scan speed. This will give failed connections more time to expire before new ones are attempted.

How do I scan VMware virtual machines without crashing the host?

Rumble can be used to scan VMware virtual machines. However, there are some precautions you should take.

VMnet interfaces normally use Network Address Translation (NAT) to route traffic between the host system and the virtual machines. The VMware software effectively operates as a stateful router. As explained above, this can cause problems when Rumble tries to open thousands of connections.

For scanning VMware systems, the best option is to deploy a Rumble Explorer inside VMware, on a virtual machine connected to the VMnet you want to scan. That explorer should be able to scan all VMs on the same VMnet without VMware needing to track all of the connections.

Why didn’t the Rumble Explorer capture screenshots?

The Rumble Explorer needs a working install of Google Chrome to obtain screenshots. To check for Google Chrome, the explorer looks in the following locations on each OS.

Windows

The Rumble Explorer looks for Chrome on Windows in:

c:\Program Files (x86)\Google\Chrome\Application\chrome.exe

The explorer also checks the following environment variables:

  • ProgramFiles(x86)
  • ProgramFiles
  • ProgramW6432

Each may list another directory, in which case the explorer looks in \Google\Chrome\Application\chrome.exe under each of those directories as well.

To find what the environment variables are set to, open a Windows command prompt and entering the command set.

For a default Windows 10 install, the default value of ProgramFiles and ProgramW6432 is c:\Program Files, which means the explorer also checks the following location:

c:\Program Files\Google\Chrome\Application\chrome.exe

This is the default location for Chrome on a 64 bit Windows 10 system.

MacOS

On macOS, the explorer checks for Google Chrome in the following locations:

  • /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
  • /Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary
  • /Applications/Chromium.app/Contents/MacOS/Chromium

Linux

On Linux systems, the explorer checks for Google Chrome at the following locations:

  • /usr/bin/google-chrome
  • /usr/bin/google-chrome-beta
  • /usr/bin/google-chrome-unstable
  • /usr/local/bin/chrome
  • /usr/bin/chrome
  • /opt/google/chrome/google-chrome
  • /usr/bin/chromium-browser
  • /usr/bin/chromium

Chrome is installed, but screenshots still don’t work

If Google Chrome is installed in one of the standard locations, but isn’t being found, it could be a permissions issue. It is also possible for Chrome to fail to run for other reasons, such as a corrupt Chrome profile. The next thing you can do is download the Rumble Scanner and run a scan to disk, which will write a log file that will have more detail about the scan operation.

What protocols does Rumble scan for?

Rumble supports the following list of protocols:

adb arp activemq amqp backupexec bacnet crestron cassandra checkmk citrix click dcerpc dns dotnet-remoting drbd drobo-nasd dtls echo epm ftp giop gpsd http http2 ike imap ipmi infinispan irc java-rmi jdbc-hsqldb jetdirect jms landesk lpd l2t mdns memcache minecraft mountd mongodb mssql mysql netbios natpmp ntp nfs openvpn oracledb pca pptp pop3 postgresql rdp redis rexec riak rpcbind rsyncd rtsp sip smb1 smb2 smb3 snmp smtp ssdp sonicwall-sgms spice ssh subversion sunrpc teamviewer telnet tftp tls ubnt upnp vmauthd vnc wsd wsman zookeeper

What ports does Rumble scan?

Rumble scans the following ports by default:

1 7 9 13 19 21 22 23 25 37 42 43 49 53 69 70 79 80 81 82 83 84 85 88 102 105 109 110 111 113 119 123 135 137 139 143 161 179 222 264 384 389 402 407 443 444 445 465 500 502 512 513 515 523 524 540 548 554 587 617 623 631 636 689 705 771 783 873 888 902 903 910 912 921 990 993 995 998 1000 1024 1030 1035 1080 1089 1090 1091 1098 1099 1100 1101 1102 1103 1128 1129 1158 1199 1211 1220 1270 1234 1241 1300 1311 1352 1433 1440 1468 1494 1521 1530 1533 1581 1582 1583 1604 1723 1755 1811 1883 1900 2000 2049 2082 2083 2100 2103 2121 2181 2199 2207 2222 2323 2362 2375 2379 2380 2381 2525 2533 2598 2601 2604 2638 2809 2947 2967 3000 3037 3050 3057 3128 3200 3268 3269 3217 3273 3299 3300 3306 3311 3312 3351 3389 3460 3500 3628 3632 3690 3780 3790 3817 4000 4092 4322 4343 4369 4433 4443 4444 4445 4567 4659 4679 4730 4786 4840 4848 5000 5022 5037 5038 5040 5051 5060 5061 5093 5168 5222 5247 5250 5351 5353 5355 5392 5400 5405 5432 5433 5498 5520 5521 5554 5555 5560 5580 5601 5631 5632 5666 5671 5672 5683 5800 5814 5900 5920 5938 5984 5985 5986 5988 5989 6000 6001 6002 6050 6060 6070 6080 6082 6101 6106 6112 6262 6379 6405 6502 6503 6504 6514 6542 6556 6660 6661 6667 6905 6988 7001 7021 7071 7077 7080 7100 7144 7181 7210 7443 7474 7510 7547 7579 7580 7676 7700 7770 7777 7778 7787 7800 7801 7879 7902 8000 8008 8009 8012 8014 8020 8023 8028 8030 8080 8081 8086 8087 8088 8089 8090 8095 8098 8127 8161 8180 8205 8222 8300 8303 8333 8400 8443 8471 8488 8503 8545 8686 8787 8800 8812 8834 8880 8883 8888 8899 8901 8902 8903 8983 9000 9001 9002 9042 9060 9080 9081 9084 9090 9092 9099 9100 9111 9152 9160 9200 9300 9390 9391 9418 9440 9443 9471 9495 9809 9855 9524 9595 9527 9530 9999 10000 10001 10008 10050 10051 10080 10098 10162 10202 10203 10443 10616 10628 11000 11099 11211 11234 11333 12174 12203 12221 12345 12397 12401 13364 13500 13838 14330 15200 15671 15672 16102 16992 16993 17185 17200 17775 17776 17777 17778 17781 17782 17783 17784 17790 17791 17798 18264 18881 19300 19810 19888 20000 20010 20031 20034 20101 20111 20171 20222 20293 22222 23472 23791 23943 25000 25025 25565 25672 26000 26122 27000 27017 27019 27080 27888 28017 28222 28784 30000 30718 31001 31099 32764 32913 34205 34443 34962 34963 34964 37718 37777 37890 37891 37892 38008 38010 38080 38102 38292 40007 40317 41025 41080 41523 41524 44334 44818 45230 46823 46824 47001 47002 48899 49152 50000 50013 50070 50090 52302 55553 55580 57772 61616 62078 62514 65535