Administrator HandbookTOC

Bulk TCP Poller


The Bulk TCP Poller allows you to monitor network application (TCP ports) availaibility. Network applications are mainly reachable by means of TCP port. From an IP client point of view, an application is available if the application TCP port is available to open a new session with him. This Plugin perform this test for you at regular intervals and sends an alarm if a wrong status is dedected.

The power of this Plugin allows you to monitor hundreds of Hosts and for each of them hundreds of TCP ports (application) with various alarm severity.

This Plugin could also be useful to check the permissiveness or laxisme of a Firewall and to warns you if an security breach is opened.

This Plugin could also be use to detect Troyan horse viruses on hosts. The detection could run either permanently or on-demand.

Hereunder, the main windows of the Bulk TCP Poller.

Plugin Installation

The installation of the Bulk TCP Poller Plugin is performed in the directory workspace.
Select one host in your directory and then from the contextual Menu select Insert Task and Plugin.


First, we need to know at least the following information:

We must specify which port we want to monitor. Either we type the Port number (only TCP port number) or choose it in the list.

We should now set the other parameters.
The goal of our Plugin is to generate alarms when status change. To set this we have to set the following fields:

The Alarm number is set to something higher than 10000 and not already assigned. This number will appears in the event manager and allows you to do filtering.

The level helps you to define the importance of the event. Highest level of gravity is 10, lowest level is 0 (red in the event manager).

The “If Port TCP is” field allows you to select the status that will generate the alarm.
If you test the availability of the application you will set the condition to down.
If you are checking security permisiveness you will want to be notified if aTCP port is reachable. In this case you set the condition to up. If alarm is sent, it will allows you to detect that an intermediaite Firewall allows the application to go through or a that a Troyan horse is installed on a remote machine.

Next step is to set the polling interval to which hosts will be polled. In Global parameter, Polling Interval, select a value.

You could also click on the button that opens the WIZARD and select your polling interval from there.

We could now select the hosts to which we want to apply the previous defined parameters

You could add hosts to the list either manually by setting one by one the host IP address or you could pick them up in the Directory. The second way is far most faster an support the shift and Ctrl selection in the list.

You could also select a host by opening the WIZARD with a click on the button.

When this is done, we could see the hosts in the list.

We can now start the Polling process by pressing the start button. The Plugin starts to poll the hosts at regular intervals and displays the current TCP port status.

From there, you could change a host or a group of host parameters. Select it/them by double click on the list, the current parameters would appear in the corresponding field, change what you want and apply the changes by clicking the Modify Host(s) From List button.


The Bulk TCP Poller updates the Value field after each polling. If the value field becomes red it means that the Port is not reachable. (Not that an alarm is sent).

Alarm sent by this Plugin should appears in your event manager:

The above information could also be check remotely if you have started the LoriotPro WEB server (refer to LoriotPro documentation for setting this service).

You could access from a navigator your current TCP table. Click on the Bulk TCP poller task (hammer)