My client has a large IP range full of virtualized hosts. I would like to implement a network based scan of this range to identify if there are any IPs running vCenter Server. I don't have SSH access to any of these machines so I would like to be able to detect that they are vCenter hosts remotely from the network. Is this possible? Is there an HTTP endpoint that I can read a response code from that will reliably identify a vCenter host?
Maybe checking which IPs are using port 5480? It is used by vCenter Appliance Management Console (VAMI, only for VCSA, not windows). vRealize Network Insight may help you with that, but you have plenty of options to scan the network and check that.
- nc -zvw10 *IP* 5480
z: zero-I/O mode which is used for scanning
v: for verbose output
w10: timeout wait seconds
- nmap *IP* -p 5480
- telnet *IP* 5480