Stay organized with collections
Save and categorize content based on your preferences.
This document describes the steps to run an IP range scan using the
mcdc CLI.
Overview
IP range scan lets you detect assets on the network, verify credentials, and
collect data from the detected assets. The collected data includes data about
the running applications on your machines, which includes both virtual machine
(VM) instances and physical servers, and details about the machine
configuration, hardware, network, as well as open files, services, and
processes.
IP range scan is useful in the following scenarios:
If you want to scan assets on environments for which the
Migration Center discovery client CLI doesn't support inventory discovery,
such as VMs running on Azure or machines running in your on-premises
infrastructure.
If you have have several machines in an IP range, or you don't have much
knowledge about the infrastructure you want to scan.
If you want to do a complete scan of VMs running on VMware even if you lack
access to the vCenter API, you can use IP range scan as an alternative to
guest discovery.
If you want to do a complete scan of VMs running on AWS even if you lack
access to the AWS API, you can use IP range scan as an alternative to guest
discovery.
IP range scan is a two-step process:
First, the mcdc CLI scans IP addresses to detect
assets in your infrastructure.
Then, it scans the detected assets for data required to perform an
assessment.
The mcdc CLI supports data collection through
IP range scan for both Linux and Windows target machines.
During the IP range scan, the mcdc CLI connects to
Linux machines using SSH, and to Windows machines using
Windows Management Instrumentation (WMI).
IP range scan collects the same data as running a guest discovery remotely
with SSH or WMI.
To scan an environment with both Windows and Linux machines, run
mcdc CLI from a Windows workstation. Windows
machines require WMI for connection during scanning, and WMI is only
supported on Windows workstations.
Replace IP_RANGE with a single IP address or a range
of IP addresses that you want to scan. The IP ranges can be hyphenated or in
CIDR notation.
For example, 0.0.0.0-0.0.0.3 or 0.0.0.0/30. You can specify more than one
range at a time using multiple --ranges flags.
Alternatively, you can specify a file that contains a list of IP ranges to scan:
Replace IP_RANGE_FILE with the name of the CSV file which contains
the range of IP addresses you want to scan. The file must contain
comma-separated ranges or ranges in CIDR notation.
Following in an example of an IP range file:
This command then outputs a CSV file containing the list IP addresses of the
detected assets. The file looks similar to the following example:
ipAddress
192.168.9.1
192.168.9.2
This file is used as an input for the next step, which is to
scan and collect data on the detected assets. By default, this file is saved in
the same directory where you installed the mcdc CLI.
Scan the discovered assets
After you've scanned your infrastructure and have the file containing a list
of discovered IPs, run a scan on the discovered assets:
SCANNED_IPS: the path to the file generated by the discover ipscan command which contains a list of the IP addresses of your discovered assets.
When prompted, accept the terms and conditions.
Optionally, to skip this step and accept the terms and conditions in
the previous step, you can include the --accept-terms flag with the
discover ips command command.
When prompted, enter the credentials using JSON format:
Enter username and password:
[{"username":"USERNAME","password":"PASSWORD"}]
Enter username and specify the path to the identity file:
After the scan is complete, the collected data is saved in the same local
directory where you installed the mcdc CLI on the host
machine. Additionally, a CSV file is also generated in the same directory,
which provides you with the details about the successful and unsuccessful scans.
If you want to specify a different location for this CSV file, you can use the
--output-file with the discover ips command.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Run an IP range scan\n\nThis document describes the steps to run an IP range scan using the\n`mcdc` CLI.\n\nOverview\n--------\n\nIP range scan lets you detect assets on the network, verify credentials, and\ncollect data from the detected assets. The collected data includes data about\nthe running applications on your machines, which includes both virtual machine\n(VM) instances and physical servers, and details about the machine\nconfiguration, hardware, network, as well as open files, services, and\nprocesses.\n\nIP range scan is useful in the following scenarios:\n\n- If you want to scan assets on environments for which the Migration Center discovery client CLI doesn't support [inventory discovery](/migration-center/docs/run-inventory-discovery), such as VMs running on Azure or machines running in your on-premises infrastructure.\n- If you have have several machines in an IP range, or you don't have much knowledge about the infrastructure you want to scan.\n- If you want to do a complete scan of VMs running on VMware even if you lack access to the vCenter API, you can use IP range scan as an alternative to [guest discovery](/migration-center/docs/run-guest-discovery).\n- If you want to do a complete scan of VMs running on AWS even if you lack access to the AWS API, you can use IP range scan as an alternative to guest discovery.\n\nIP range scan is a two-step process:\n\n- First, the `mcdc` CLI scans IP addresses to detect assets in your infrastructure.\n- Then, it scans the detected assets for data required to perform an assessment.\n\nThe `mcdc` CLI supports data collection through\nIP range scan for both Linux and Windows target machines.\nDuring the IP range scan, the `mcdc` CLI connects to\nLinux machines using SSH, and to Windows machines using\nWindows Management Instrumentation (WMI).\nIP range scan collects the same data as running a guest discovery remotely\nwith SSH or WMI.\n\nTo scan an environment with both Windows and Linux machines, run\n`mcdc` CLI from a Windows workstation. Windows\nmachines require WMI for connection during scanning, and WMI is only\nsupported on Windows workstations.\n\nBefore you begin\n----------------\n\n1. Review the [requirements for downloading and running the\n `mcdc` CLI](/migration-center/docs/review-collector-cli-requirements).\n2. Complete the steps to [download `mcdc` CLI](/migration-center/docs/download-collector-cli).\n\nRun an IP scan to discover assets\n---------------------------------\n\n- To detect assets in your infrastructure, run the following command:\n\n\n ### Linux\n\n \u003cbr /\u003e\n\n ```\n ./mcdc discover ipscan --ranges IP_RANGE\n ```\n\n \u003cbr /\u003e\n\n ### Windows\n\n \u003cbr /\u003e\n\n ```\n mcdc.exe discover ipscan --ranges IP_RANGE\n ```\n\n \u003cbr /\u003e\n\n \u003cbr /\u003e\n\n Replace \u003cvar translate=\"no\"\u003eIP_RANGE\u003c/var\u003e with a single IP address or a range\n of IP addresses that you want to scan. The IP ranges can be hyphenated or in\n [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).\n For example, `0.0.0.0-0.0.0.3` or `0.0.0.0/30`. You can specify more than one\n range at a time using multiple `--ranges` flags.\n- Alternatively, you can specify a file that contains a list of IP ranges to scan:\n\n\n ### Linux\n\n \u003cbr /\u003e\n\n ```\n ./mcdc discover ipscan --file IP_RANGE_FILE.csv\n ```\n\n \u003cbr /\u003e\n\n ### Windows\n\n \u003cbr /\u003e\n\n ```\n mcdc.exe discover ipscan --file IP_RANGE_FILE.csv\n ```\n\n \u003cbr /\u003e\n\n \u003cbr /\u003e\n\n Replace \u003cvar translate=\"no\"\u003eIP_RANGE_FILE\u003c/var\u003e with the name of the CSV file which contains\n the range of IP addresses you want to scan. The file must contain\n comma-separated ranges or ranges in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).\n Following in an example of an IP range file: \n\n rangeStart,rangeEnd,CIDR\n 192.168.9.0,192.168.9.255,\"\"\n \"\",\"\",192.168.10.0/24\n\n| **Note:** You can specify ranges using either the `--ranges` flag or `--file` flag. You can't use both of these flags in a single command.\n\nThis command then outputs a CSV file containing the list IP addresses of the\ndetected assets. The file looks similar to the following example: \n\n ipAddress\n 192.168.9.1\n 192.168.9.2\n\nThis file is used as an input for the next step, which is to\nscan and collect data on the detected assets. By default, this file is saved in\nthe same directory where you installed the `mcdc` CLI.\n\nScan the discovered assets\n--------------------------\n\n1. After you've scanned your infrastructure and have the file containing a list\n of discovered IPs, run a scan on the discovered assets:\n\n\n ### Linux\n\n \u003cbr /\u003e\n\n ```\n ./mcdc discover ips --file SCANNED_IPS.csv\n ```\n\n \u003cbr /\u003e\n\n ### Windows\n\n \u003cbr /\u003e\n\n ```\n mcdc.exe discover ips --file SCANNED_IPS.csv\n ```\n\n \u003cbr /\u003e\n\n \u003cbr /\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eSCANNED_IPS\u003c/var\u003e: the path to the file generated by the `discover ipscan` command which contains a list of the IP addresses of your discovered assets.\n2. When prompted, accept the terms and conditions.\n\n Optionally, to skip this step and accept the terms and conditions in\n the previous step, you can include the `--accept-terms` flag with the\n `discover ips` command command.\n3. When prompted, enter the credentials using JSON format:\n\n - Enter username and password:\n\n [{\"username\":\"\u003cvar translate=\"no\"\u003eUSERNAME\u003c/var\u003e\",\"password\":\"\u003cvar translate=\"no\"\u003ePASSWORD\u003c/var\u003e\"}]\n\n - Enter username and specify the path to the identity file:\n\n [{\"username\":\"\u003cvar translate=\"no\"\u003eUSERNAME\u003c/var\u003e\",\"identityFile\":\"\u003cvar translate=\"no\"\u003eIDENTITY_FILE\u003c/var\u003e\"}]\n\n - Enter the username, specify the path to the encrypted identity file, and\n enter the passphrase:\n\n [{\"username\":\"\u003cvar translate=\"no\"\u003eUSERNAME\u003c/var\u003e\",\"identityFile\":\"\u003cvar translate=\"no\"\u003eIDENTITY_FILE\u003c/var\u003e\",\"passphrase\":\"\u003cvar translate=\"no\"\u003ePASSPHRASE\u003c/var\u003e\"}]\n\n If required, you can specify multiple credentials at a time: \n\n [{\"username\":\"\u003cvar translate=\"no\"\u003eFIRST_USERNAME\u003c/var\u003e\",\"password\":\"\u003cvar translate=\"no\"\u003eFIRST_PASSWORD\u003c/var\u003e\"},{\"username\":\"\u003cvar translate=\"no\"\u003eSECOND_USERNAME\u003c/var\u003e\",\"password\":\"\u003cvar translate=\"no\"\u003eSECOND_PASSWORD\u003c/var\u003e\"}]\n\nAfter the scan is complete, the collected data is saved in the same local\ndirectory where you installed the `mcdc` CLI on the host\nmachine. Additionally, a CSV file is also generated in the same directory,\nwhich provides you with the details about the successful and unsuccessful scans.\nIf you want to specify a different location for this CSV file, you can use the\n`--output-file` with the `discover ips` command.\n\nWhat's next\n-----------\n\n- Learn how to [export collected data to Migration Center](/migration-center/docs/export-collected-data)."]]
