Install NetCrunch Fast: First‑Run & Automatic Discovery Guide

Use this guide to: install NetCrunch, run the first‑time setup, apply automatic discovery, credentialing, and monitoring packs. It includes a concise preflight checklist, ensuring smooth installations in the test lab or production.

TL;DR (What you’ll do)

  1. Install NetCrunch and choose Trial or License
  2. Create a Network Atlas (Express or Advanced)
  3. Run the Discovery Wizard (networks, credentials, services)
  4. Apply Notifications settings.
  5. Confirm and let NetCrunch create automatic maps and views, and start monitoring.

Preflight checklist (recommended)

Preparing a few items up front makes automatic discovery and classification accurate from the start:

  • Networks to scan (CIDRs & ranges), plus any exclusions (devices/ranges you do not want scanned).
  • SNMP: community strings (v1/v2c) and users/authorization methods/privacy settings (v3). Ensure SNMP is enabled on switches, routers, printers, firewalls, and APs.
  • Discovery protocols enabled on switches where appropriate: LLDP/CDP/STP - this is mandatory for topology mapping.
  • OS access: Windows: an account with local admin rights; enable WMI and Remote Registry; verify that WMI services are operational; allow firewall rules for RPC, Performance Monitoring, Named Pipes, and WMI. For more information, please visit here.
  • OS access: Linux: a user with a home directory (e.g., sudo useradd -m netcrunch); enable SSH and/or SNMP as desired.
  • Connectivity from the NetCrunch Server host to monitored devices (ping/ICMP, relevant TCP/UDP ports).
  • Verify DNS forward and reverse lookups from the server.
  • Credentials gathered and ready (Windows/WMI, Linux/SSH, network devices/SNMP, optional Telnet/SSH for devices).
  • Initial scope of services/apps/logs to monitor (e.g., HTTP/S, DNS, DHCP, VPN, DBs) and who gets alert notifications (email/SMS/chat). Alert tuning, notification groups, and alert escalation paths can be applied later in a rule-based manner.

If ping or a port test fails from the NetCrunch Server, check routing, VLANs, or firewalls between segments.

Trial or License

When you open the NetCrunch Administration Console for the first time, you’ll see two options: Install license or Continue.

Have a license? Choose Install license and select your activation method.

No license yet? Choose Continue and create a NetCrunch account (Google or email). A registered trial provides up to 30 days of testing. You can also request a trial extension.

Prefer no registration? Choose Continue without registering (bottom‑right). This provides a 7‑day test.

NetCrunch trial or license

Creating network atlas

The Network Atlas is the configuration and data store NetCrunch uses for nodes, alerts, and trends.

Network atlas

Two ways to start:

  • Express: Launches the Network Atlas Creator to guide you step‑by‑step through adding devices to monitor.
  • Advanced: Gives you more options during the scan, including defining multiple profiles/SNMP communities for each specific system.
  • Skip Ticking this option creates an empty Atlas so you can add nodes manually or via targeted scans.

Creating network atlas in NetCrunch

This guide covers Advanced, which includes the built-in network scanner; Express follows the same concepts with less manual control.

Run the Atlas Scan Wizard (5 steps)

The wizard that guides you through the process of creating an atlas consists of 5 steps, and each step will be described below

Step 1. Add all networks and AD containers

Specify networks (CIDR/ranges) and any Active Directory containers/Workgroups to scan. If the NetCrunch Server belongs to an AD container, it’s included automatically.

Add exclusions for addresses or ranges you do not want scanned.

Add networks to monitoring

Step 2. Choose a discovery mode

Recommended: Scan and discover all devices; you can prune unwanted nodes after discovery.

Advanced users sometimes limit discovery to specific device types; use this sparingly to avoid missing infrastructure components.

Choose-network-discovery-mode-netcrunch

Step 3. Configure SNMP profiles

NetCrunch defaults to SNMPv2 with community “public” for convenience—replace this with your real communities and add SNMPv3 users where available.

Create multiple profiles if your network uses different credentials by device type or site, and for different SNMP versions (v1, v2c, v3) that you use.

Ensure that you include all community strings, along with users and passwords (for SNMPv3), for NetCrunch to discover all your devices.

Configure SNMP for monitoring

Step 4. Discovering TCP/IP network services

NetCrunch uses network services as primary indicators of whether nodes are responding or not.

The default list contains the most commonly encountered services in the network. Every device specified in the first step will be scanned against this list to determine if any of the network services from the list are available on it. All discovered services will become monitored automatically.

If a particular service that you wish to monitor isn't on this list, you can always add it by clicking the proper button in the upper part of the window.

For added custom services, tune the following:

  • Repeat count – total attempts per check
  • Additional repeat count – extra retries on failure (if service is not responding)
  • Timeout (ms) – how long to wait for a service response
Add network services to monitoring

You can set it for a particular service or multiple services at once.

Step 5. Confirm and start discovery

Review your inputs, then click Start to launch the scan.

A Server Tasks panel will show discovery progress. Some device‑type classification may continue briefly in the background.

Post‑Scan Wizard (credentials and notifications)

After the initial scan, NetCrunch opens a short wizard to tighten monitoring and alerting.

1. Monitoring Credentials

Provide credentials for each platform present (Windows, Linux, network devices) in your network. This enables deeper, agentless monitoring and better classification.

2. Notification Profile and Default Alert Escalation Setup

You need to enter an email address for alert notifications. By default, email is sent only for Critical alerts; other alerts are saved to the event log. You can later adjust recipients and channels (email/SMS/chat) to match your on‑call process.

Alert escalation - default script

3. NetCrunch Connection Cloud (NCC) - zero-configuration remote access

Connect your server to NetCrunch Connections Cloud if you need secure remote access to your console and telemetry without requiring the opening of inbound firewall ports.

It is recommended to enable NCC to allow secure remote access to your NetCrunch Server. The only requirement for it to operate is to ensure the outbound HTTPS (TCP 443) from the NetCrunch Server is configured.

NCC gives you secure, reliable outbound-only access to your NetCrunch Server from anywhere - no firewall changes, no port forwarding, no traditional VPN. The server opens an encrypted HTTPS (TCP 443) tunnel to NCC; clients (such as desktop console, web console, monitoring probes) connect through NCC using your license ID.

Your internal network is never exposed - NCC relays connections but does not terminate or decrypt monitoring data. NCC is backed by high-availability, regionally distributed relays.

NetCrunch Connections Cloud

NCC is obviously **not available ** or irrelevant when your NetCrunch is installed in an air-gapped environment.

Verify results & next steps

That's all; the basic discovery of the network is now complete. Monitoring has been enabled for the devices and systems for which you specified credentials. Some device type discoveries may still be occurring in the background; it's possible to review them later in the Server Tasks, located in the top right corner.

Please make sure to review the results

  • Topology & roles: In the Atlas Network Atlas tree, check the Network Topology views to confirm LLDP/CDP‑derived links and device roles look correct, and there are no orphaned devices on the topology map.
  • Noise control: Use Monitoring Packs to tune alert thresholds, disable non‑critical checks, and add missing services.
  • Coverage: Add any credential profiles you skipped and rescan targeted ranges if needed.
  • Notifications: Confirm routing to your real recipients and escalate rules for critical services.

Troubleshooting quick checks

If something doesn’t appear or data looks thin:

  • From the NetCrunch Server, verify ICMP and required TCP/UDP ports to targets. Use ping and a simple port test (e.g., telnet <IP> 161 for SNMP or Test-NetConnection on Windows).
  • Ensure WMI and Remote Registry are running on Windows nodes; confirm firewall allowances for WMI/RPC.
  • For Linux nodes, confirm SSH access (and SNMP if used) and that the monitoring user has a home directory.
  • Validate DNS forward and reverse lookups for monitored devices.

Example configs

Create a Linux monitoring user with a home directory 'sudo useradd -m netcrunch'

Windows services to check Windows Management Instrumentation (WMI), Remote Registry (set to Automatic if needed)

Ports often used: SNMP/161‑udp, SSH/22, HTTP/80, HTTPS/443, RDP/3389, WinRM/5985‑5986 (as applicable)

FAQ

  • How long does initial discovery take? Most environments complete in minutes, but larger networks depend on ranges and credentials, and do not take more than 20 minutes.
  • Do I need agents? NetCrunch monitors agentlessly via SNMP, WMI, SSH, and service probes.
  • Can I limit what gets discovered? Yes - use exclusions and discovery modes; you can also prune nodes after a full scan.
  • I am not allowed to scan my network. How can I add devices to monitor? You can import nodes from a file or even use NetCrunch's REST API to automatically add devices from your asset management system.

NetCrunch. Answers not just pictures

Maps → Alerts → Automation → Intelligence

See NetCrunch in ActionCheck Pricing