Discovery Pipeline
The core differentiator of StacksAtlas is its proprietary 5-Stage Active/Passive Discovery Pipeline. Unlike simple IP scanners that only ping a list of addresses, StacksAtlas interrogates devices to understand their role, vendor, and capabilities.
This process runs continuously in the background, ensuring your inventory is always up-to-date.
The 5 Stages of Discovery
1. ICMP Probe (Active)
The engine initiates a highly parallelized ICMP (Ping) sweep across the defined subnets.
- Goal: Rapidly identify "ALIVE" hosts.
- Performance: Capable of scanning a /24 subnet (254 hosts) in under 3 seconds.
- Result: Establishes the initial presence and Round-Trip Time (latency) baseline.
2. MAC/ARP Capture (Layer 2)
For devices on the local subnet, StacksAtlas queries the system ARP table to resolve the physical MAC address.
- Goal: Unique hardware identification.
- Result: The MAC address allows the system to look up the Manufacturer (OUI) from an internal database of over 45,000 vendor definitions.
3. Service Fingerprint (Layer 4)
The engine attempts to connect to specific "Control Ports" known to be associated with professional hardware. This is a non-invasive handshake.
- SSH (22): Identifies Linux servers and managed switches.
- HTTP/S (80/443): Identifies web interfaces (IP Cameras, Printers, IoT).
- Crestron (41794): Identifies Crestron control processors and touchpanels.
- Q-SYS (1702): Identifies Q-SYS Core processors.
- Biamp (23): Identifies Tesira DSPs.
4. mDNS/Zeroconf (Passive)
StacksAtlas listens for Bonjour (Multicast DNS) broadcasts. Devices often announce their "Friendly Name" via this protocol.
- Example: A device might have a hostname of IP-192-168-1-50, but announces itself via mDNS as Conf-Room-AppleTV.
- Result: StacksAtlas captures this friendly name to automatically populate the "Name" field in your inventory.
5. Deterministic Typing (Heuristic Classification)
The final stage is a high-performance logic engine (DeterministicTypingService) that synthesizes all previous data points to classify the device type and icon.
- Automated Rules: The engine uses complex Regex patterns against the device's friendly name and vendor metadata.
- Persistence: Once a device is manually renamed or assigned a type, the engine respects the user's "Human Property" settings.
- Logic Example: IF Vendor is "Apple" AND mDNS contains "TV" -> Classify as Media Player.
- Logic Example: IF Port 41794 is OPEN -> Classify as Control System (regardless of MAC vendor).
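The rule precedence described in this stage, as an added sketch that is not StacksAtlas code. The Device field names, the rule identifiers and the "Unknown" fallback are assumptions; the two rules and the manual override come from the text above.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Device:
    """Evidence gathered by stages 1-4 (field names are hypothetical)."""
    vendor: str = ""
    mdns_name: str = ""
    open_ports: frozenset = frozenset()
    human_type: Optional[str] = None  # type assigned manually by an admin

TV_NAME = re.compile(r"TV")  # "mDNS contains TV" from the page's rule

# Ordered rules, first match wins. The port rule sits above the vendor rule
# because the page says it applies regardless of MAC vendor.
RULES = [
    ("crestron-port", "Control System",
     lambda d: 41794 in d.open_ports),
    ("apple-tv-name", "Media Player",
     lambda d: d.vendor.lower() == "apple" and bool(TV_NAME.search(d.mdns_name))),
]

def classify(device):
    """Return (device_type, reason) so every label can be audited."""
    if device.human_type:
        return device.human_type, "human-override"
    for rule_id, device_type, predicate in RULES:
        if predicate(device):
            return device_type, rule_id
    return "Unknown", "no-rule-matched"

if __name__ == "__main__":
    # Constructed sample inventory, not real scan output.
    samples = [
        Device(vendor="Apple", mdns_name="Conf-Room-AppleTV"),
        Device(vendor="Apple", mdns_name="Conf-Room-AppleTV",
               open_ports=frozenset({41794})),
        Device(vendor="Apple", open_ports=frozenset({41794}),
               human_type="Lighting Gateway"),
        Device(vendor="Dell", open_ports=frozenset({22})),
    ]
    for sample in samples:
        print(classify(sample))
```

Because the port rule outranks the vendor lookup, any host answering on 41794 is labelled a control system; returning the rule identifier with the label keeps that decision visible when the inventory is reviewed.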
Active Intelligence (Deep Scan)
While the continuous discovery pipeline identifies devices and their basic roles, Deep Scan allows you to interrogate specific assets for granular detail.
On-Demand Port & Service Analysis
Powered by an integrated Nmap engine, Deep Scan performs a comprehensive probe of a target device to reveal:
- Open Ports: Identifying non-standard listening services.
- Service Versions: Exact version numbers for running software (e.g., nginx 1.18.0, OpenSSH 8.2).
- Operating System: Heuristic OS detection (e.g., "Ultralinux" or "Windows Server 2019").
Protocol Quick Links
New in v1.0.6, StacksAtlas provides one-click launch support for common administrative protocols directly from the Device Drawer:
- SSH (ssh://): Instantly open a terminal session to managed switches or Linux servers.
- Telnet (telnet://) and FTP (ftp://): Integrated support for legacy hardware, complete with visual security warnings for unencrypted sessions.
Path Diagnostics (Visual Traceroute)
New in v1.0.5, the Path Diagnostics module allows you to visualize the hop-by-hop network path between the StacksAtlas appliance and any target device.
- Goal: Identify exactly where latency or packet loss is occurring in the network fabric.
- Technology: Uses ICMP TTL manipulation to map layer-3 jumps.
Security Hygiene (Active Intelligence)
Beyond identification, StacksAtlas evaluates the risk profile of every asset.
Legacy Lifeboat
The engine automatically identifies devices running End-of-Life (EOL) operating systems, such as Windows XP or Windows 7.
- Risk Forecasting: Flags these devices for immediate replacement or isolation due to lack of modern security patches.
- Hygiene Grading: Contributes to the overall environment security score.
Stability & Performance Intelligence
Discovery is not just about identification; it's about monitoring behavior over time.
DHCP Lease Detective
Tracking identity in a dynamic IP environment is a major challenge. The DHCP Lease Detective maintains a historical record of MAC-to-IP bindings.
- Time Machine for IPs: View every IP address a specific hardware device has held over its lifetime.
- Drift Detection: Instantly identifies "drifting" devices as they move between VLANs or receive new leases, ensuring your historical data remains tied to the correct physical asset.
Scan Intensity Metrics
The engine tracks the number of times a device has been probed while online.
- Intensity Tracking: Every successful scan increments the ScanCount property.
- Persistence: These metrics are preserved across system restarts, providing long-term reliability data.
Flap Detection
StacksAtlas automatically tracks the "Last Seen" timestamp for every scan cycle. If a device transitions between Online and Offline states frequently within a short window, it is flagged as Unstable.
- Use Case: Identifying a loose ethernet cable or a failing PoE port.
Stability Score
Every device is assigned a Stability Score (0-100%).
- Algorithm: A weighted moving average of successful ping responses over the last 24 hours.
- Visualization: This score is displayed as a color-coded ring badge on the dashboard, allowing admins to instantly spot degrading infrastructure.
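An added sketch covering both Flap Detection and the Stability Score, not StacksAtlas code. The page gives only the 24-hour window; the exponential weighting with a 6-hour half-life, the 10-minute flap window and the threshold of 4 state changes are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)         # from the page: last 24 hours
HALF_LIFE = timedelta(hours=6)       # assumed: a probe's weight halves every 6 h
FLAP_WINDOW = timedelta(minutes=10)  # assumed meaning of "short window"
FLAP_TRANSITIONS = 4                 # assumed meaning of "frequently"

def _within(samples, now, span):
    """Samples no older than span, oldest first."""
    return sorted(s for s in samples if timedelta(0) <= now - s[0] <= span)

def stability_score(samples, now):
    """Weighted share of answered pings, 0-100, or None with no data."""
    num = den = 0.0
    for ts, ok in _within(samples, now, WINDOW):
        weight = 0.5 ** ((now - ts) / HALF_LIFE)  # recent probes count more
        num += weight * ok
        den += weight
    return round(100 * num / den, 1) if den else None

def is_unstable(samples, now):
    """True when Online/Offline state changed often inside FLAP_WINDOW."""
    states = [ok for _, ok in _within(samples, now, FLAP_WINDOW)]
    changes = sum(a != b for a, b in zip(states, states[1:]))
    return changes >= FLAP_TRANSITIONS

# Constructed probe histories for one device: (timestamp, ping answered?).
NOW = datetime(2024, 1, 1, 12, 0)
FLAPPING = [(NOW - timedelta(minutes=m), m % 2 == 0) for m in range(6)]
RECOVERED = [(NOW - timedelta(hours=6), False), (NOW, True)]

if __name__ == "__main__":
    print(stability_score(RECOVERED, NOW), is_unstable(RECOVERED, NOW))
    print(stability_score(FLAPPING, NOW), is_unstable(FLAPPING, NOW))
```

The two signals are complementary: the flapping history scores close to 50% yet is flagged Unstable, while the recovered device scores higher and is not flagged.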
Reset Metrics
For devices that have undergone maintenance (e.g., cable replacement or firmware upgrade), administrators can manually Reset Metrics to clear historical flap counts and latency averages, establishing a fresh performance baseline.