Previous | Table of Contents | Next |
The IN entry contains a bracketed number such as [0000001D:0000C91D5488], for example. That number is the address of the foreign router. You can try to use this address in RCONSOLE by hitting the Insert key instead of picking a server name. Then you can enter that address number and attempt to connect. This way, you can connect to a server even if it doesnt appear on the server list.
Of course, you dont have to do any of this remote stuff if you know where the servers are. You can simply take a couple of hours to travel around your campus, gather the network information from each console, and stitch it all together into a bona fide network map. Of course, because Novell servers also use TCP/IP, the techniques used in the previous section are applicable as well.
Once you understand the underlying technology of a network, reverse-engineering it isnt hard. However, getting an inductive tone set is a must if you have a lot of unlabeled cables.
From a protocol and network perspective, if servers can talk to each other and to workstations, theres always a trail that you can follow. Typically, once you identify the network glue that holds the network together, the rest falls into place after a little bit of research. If you have a TCP/IP network, youre in luck, because you can use automated discovery tools to your advantage.
Novell networks are reasonably simple to reverse-engineer; its just a matter of getting access to the server consoles, either remotely or locally. If you run a mixed IPX/SPX and TCP/IP Novell environment, youll have to use IPX/SPX and TCP/IP discovery techniques.
Q Some of this network discovery stuff looks like cracker-type espionage. Are you sure I should be doing this?
A If the network that youre performing a discovery on isnt a network that youre responsible for, definitely not. Its considered antisocial and possibly illegal to gather this type of information without authorization. However, if youre the person responsible for this network, youve got to know this information. If someone has not left you a paper trail, you must create one. Just as in the movies, the good guys use some of the same tools as the bad guysit just depends what your motives and responsibilities are.
Q Any more tips for TCP/IP discovery without automation tools?
A Sure, but isnt it worth $15 to save a couple of hours of your time? I highly recommend the automated discovery tools. I have lost hours of my life manually discovering networks that I could have otherwise spent doing something fun or productive.
One additional thing you can do to dump routing tables if your routers are inaccessible is to load Microsofts routing to a test NT server, have it participate in the TCP/IP routing protocols running on your network, and then dump the routing table by typing the following command:
netstat -rn
You can do a similar thing if you have a Linux box; just add the gated package to it, have it listen for RIP, and see if you discover anything. This seems like a lot of work compared to downloading and buying a cheap Windows utility, though, doesnt it?
Previous | Table of Contents | Next |