BajaBoojum wrote:
When I open the Network Security Map in NIS 2012 (v19.9.1.14) six or seven extra devices show up on my ethernet connection. Most are called 'New,' are offline, and have different physical addresses but little other specific details. I have no other ethernet-connected computers; I have a netbook and Windows 8 phone on my wireless network connected to the same cable modem.
By the way, I'm using NIS 2012 because I had lots of problems with NIS 2013 on this Windows 8 computer.
Any idea what's going on?
Hi, BajaBoojum. Some ideas:
1. When you open the Network Security Map, it will show you all the devices it "remembers". This is every device that has ever connected to your machine with a unique IP address. This is normal and correct behaviour for NIS.
2. Whenever you reconfigure your network, for whatever reason, the "old stuff" remains behind on the Network Security Map in NIS, even though that item will never connect again with that IP address. As a result, you need to tell NIS to "forget" all it has learned, so it can create a new map based on the "new reality". You do this by going into the NIS Control Panel, Settings, the Network tab, the Network Security Settings sub-category, and clicking the "Purge" item in the Network Security Settings control panel list.
3. When you purge the list - NIS will build a fresh list - and the history of the Network Security Map will "start over". If you reconfigure your existing devices at any time in future - you will have to repeat step 2 for NIS to rebuild its "reality" again. This is normal. It is a consequence of the fact that NIS is not in charge of IP address assignments - this is the job of your Router. All NIS can do is report on what the router has done - even if the Router is doing something you think is silly.
4. There is a lot of variation in the way that Routers handle IP assignments. Most routers rely on a process known as DHCP. What this does is assign a unique (different) IP address to each device that connects to your network - on the basis of rules programmed into the router about how to do this. The common rulesets are as follows:
a) Remember every device ever connected to the router, and assign it an IP address. This exactly matches the behaviour of NIS, and has all the same consequences. Thus, if you ever reconfigure any devices on your network, the Router will retain that info and give back that same IP address regardless. This works well until you replace something like a Network Printer, you get a new phone, and so on. The "memory" of the old device remains - regardless of the fact it will never be used on your network ever again.
b) Remember every device connected to the router, and assign it an IP address. Again, this exactly matches the behaviour of NIS, and has all the same consequences. However, in this case, the Router has a time-limit (called a "lease time") which returns that particular IP address reservation to the "unclaimed" list once the lease time expires. Lease times vary, but common values are up to a week. In this case, if you "purge" the NIS map - and the lease on an obsolete item has expired - it will not reappear. This is the most common default programming method used for consumer-grade routers.
c) Remember every device connected to the router, assign an IP address, and forget that address after the lease time expires, except for items that have a "DHCP Reservation". Items that have a DHCP reservation act as items noted in category a). Thus, they will remain on that IP address, regardless of whether or not they have "fallen off the lease".
5. The problem with category b) Routers is there is no way to guarantee that the Router will look at a device you have connected to the Router at some time in the past - where that item has "fallen off the lease" - and assign the original IP address used for that original lease. This is normal and correct. Thus, your NIS "history" will fill with duplicate items unless the NIS "history" is periodically refreshed by purging the Network Security Map list.
6. The problem described in Item 5 is so annoying to many people that most Routers have an optional section to allow the router to work in category c) mode. However, this means you are required to have enough "smarts" to actually go into the router setup and create those DHCP reservations. If you do that, the IP addresses of your "known reservation" devices will not change, and your NIS map will remain correct for those items until such time as you change the DHCP reservations in the router.
7. NIS tries to "guess" what category the device is supposed to display, and NIS also tries to "fetch" the name of the device from the device itself - so it can populate the "name" field for the device on the basis of the network name of the device. However, there are rules about this which limit both the complexity of names and the letters/numbers/extra-characters that the router can "interpret" so it can automatically fill out the "name" field for the device.
For example, if you have named your iPhone "BajaBoojum's iPhone" - NIS cannot automatically populate the "name" field - because this violates the naming-convention rules which are used to auto-populate the name field during a network query. Changing the name on your iPhone to "BJBJ-iPhone" (notice: no apostrophe, no spaces, no non-standard characters) will allow NIS to auto-populate the name field. This works similarly for all IP devices the Router works with (which is all devices on your LAN).
The network name for the computer where NIS is installed is a possible exception to the above rule. Because this machine is "local" to NIS - the program can "get the info" through other means than a network query. Thus, the name for the device on which NIS is installed can be properly placed in the Network Security Map - even if it violates the conventions mentioned in the preceding paragraph. This is the only device which can violate the rules - and if you violate the rules on that device, then it will show up as "new" on the Network Security Map in your other computers using NIS. Staying within the convention on all devices attached to the Network is the only way to ensure that all Network Security Maps on all machines with NIS installed will all show the same nameset.
Some devices (like some network printers) will always show "New" no matter what you do. This means the device does not properly support a network-name-query in a way either the Router (or NIS) understands. Even if you use the proper naming conventions, the device will still show up in the Network Security Map as "New". There is no choice in this circumstance but to go in and manually change the name for that device to its proper name. This must be done for each NIS installation on each device where NIS is installed.
In situations where a category b) Router is used - and a reservation is in place using a DHCP lease - and you have changed something in that device - the Router may "remember" the old information as well as assign the device a new IP address because you have reconfigured that device. This creates a situation where "mortal remains" of your reconfiguration are still displayed - even though you know you've changed something to the "new way you want things to be" (eg: when you rename a device so its network name follows network naming conventions so it will show its name properly in a standard Network Security Map query). The way you fix this is to shut down all the machines on your network, shut down your router, shut down your cable/adsl modem, wait 15 seconds for that last device to completely discharge, and then restart the items in reverse order from shutdown (modem, router, rest of network devices). This forces the router to "forget" its previous automatically-assigned-DHCP-leases - which gets rid of the "mortal remains" - so your Network Security Map reflects your "new reality" - rather than the "obsolete reality" contained in router memory until you rebooted the router.
My suspicion is you have old connections from smartphones your friends have brought over, and these are showing in your NSM. You may also have old phones in your NSM that you either no longer use or only rarely use - and each of these has a non-standard network name so they all show as "new". A similar situation occurs with tablets, blackberry devices, network printers, IP cameras, and so on. Also, if you are running an unsecured wireless network - or relying on easily-compromised wireless network security such as WEP - you can have lots of "leeches" connected to your router - which will be reliably detected by NIS and will show up on your NSM as "new" devices - if they have non-standard network names (which is most iPhones and similar, for example).
There you go, a quick tutorial on "the perils of poorly configured routers" - and their impact on NIS.