A couple of network discovery tools are available for your use. They are very useful and usually cost less than $100, making them, in my opinion, quite a bargain for what they allow you to accomplish. They work by performing the tasks that you or I would do: running traceroutes, performing name lookups, opening sockets on a destination to see whether they're listening, and so on. However, because a computer has infinite patience for the most boring and repetitive of tasks, a network discovery tool is much more complete than you or I would be!
In particular, these automatic network discovery tools will take a range of IP addresses and systematically ping and check many common service ports on each destination. For a large network, this can be tens of thousands of checks (assuming that it checks twenty or so services on each destination, and that there are 254 possible host numbers on a network, and that you have a couple of networks). What's more, if you leave your automatic discovery tool running overnight, you'll have lots of answers in the morning without losing a bit of sleep!
What about proprietary socket numbers for services such as Lotus Notes or GroupWise? Don't worry about them. Once you identify that a server is running at a certain IP address, you can do a more thorough port scan (see Figure 24.4).
Figure 24.4 Port scanners such as the Internet Anywhere Toolkit can discover listening ports on a server, out of thousands of possibilities.
Here's the rule of thumb: Even though it's possible to scan every single port in the world using these tools, you're probably best off scanning for a common server port, such as telnet (23), SMTP (25), or NetBIOS (139), on all addresses and then performing a more thorough scan on a machine once you find one that offers a common service.
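The rule of thumb above, sketched as an added example (not code from the book or from any of the tools it mentions) for inventorying addresses you administer. The function names, the 192.0.2.0/24 range and the sample listeners are constructed for illustration; the probe is injectable so the example runs offline.

```python
import socket
from ipaddress import ip_network

COMMON_PORTS = (23, 25, 139)  # telnet, SMTP, NetBIOS: the page's examples

def tcp_probe(host, port, timeout=0.5):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def two_stage_discovery(cidr, full_ports, probe=tcp_probe):
    """Stage 1 checks COMMON_PORTS on every host address in cidr.
    Stage 2 checks full_ports only on hosts that answered in stage 1.
    Returns ({host: sorted open ports}, number of probes made)."""
    probes = 0
    found = {}
    for addr in ip_network(cidr).hosts():
        host = str(addr)
        hits = set()
        for port in COMMON_PORTS:
            probes += 1
            if probe(host, port):
                hits.add(port)
        if hits:
            found[host] = hits
    for host, hits in found.items():
        for port in full_ports:
            if port in COMMON_PORTS:
                continue  # already checked in stage 1
            probes += 1
            if probe(host, port):
                hits.add(port)
    return {host: sorted(hits) for host, hits in found.items()}, probes

# Constructed stand-in for a live network so the example runs offline.
# 1352 and 1677 are the registered Lotus Notes and GroupWise ports.
SAMPLE_LISTENERS = {
    "192.0.2.10": {25, 1352},
    "192.0.2.20": {139, 1677},
    "192.0.2.30": {8080},  # offers no common service, so stage 1 misses it
}

def sample_probe(host, port):
    return port in SAMPLE_LISTENERS.get(host, ())

def demo():
    return two_stage_discovery("192.0.2.0/24", range(1, 2001), sample_probe)
```

On the constructed sample this makes 4,756 probes where an exhaustive sweep of 2,000 ports on 254 addresses would make 508,000; the cost is that a host offering none of the common services is never examined.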
SNMP scanners are also pretty good for network discovery. Although SNMP is a UDP service and therefore can't have a connection, a program that understands SNMP can send SNMP datagrams to a range of TCP/IP addresses and report to you which ones respond. Those that do are likely servers, routers, switches, or smart hubs.
You can find these types of tools at the following sites:
For the last two sites, you'll want to look under Network Tools.
Let's review the salient points of TCP/IP network discovery. You have known factors in your unknown network, such as functioning workstations and/or servers that you can physically get to. You can gather information from these known factors (such as TCP/IP addresses, name server addresses, router addresses, and server addresses) and write down a skeleton of your network that you can then flesh out.
Once you have the addresses of routers on your network, you can telnet to those routers, check out the routing tables, and further discover more network segments. You can use the next hop as a clue to the next router and then repeat this process as often as necessary.
TCP/IP network discovery can be a long and drawn-out process, particularly when large numbers of hosts are involved; in this case, automated discovery tools can really help.
Novell servers announce themselves to the network, so it's usually pretty easy to identify them. I tend to concentrate on the NLIST utility from a DOS prompt to show me the names of all NetWare servers (see Figure 24.5). If you're a NetWare 3.x user, you can use the SLIST utility instead to identify which servers you have. The NLIST or SLIST utility will show you the servers' internal IPX addresses; be sure to write them down.
Figure 24.5 You can look for servers on a NetWare network by using the nlist command. To only list bindery-compatible servers, use the /B option.
Once you have IPX server names, you can then use the RCONSOLE utility (assuming that the servers are in an unknown location) to connect to the servers. As with TCP/IP routers, you'll need to know the password.
If you don't know the RCONSOLE password for your Novell servers, you can still get in if you have the appropriate permission to read the SYS:SYSTEM\AUTOEXEC.NCF file. Just look for a line that reads something like this:
load remote foobar
The last word is the remote password (in this case, foobar). Secure, huh? It's a reasonable bet that if you find one remote password, it will be valid for each server.
If you can't read the AUTOEXEC.NCF file but you have access to the console of one of your servers, you can type the following:
LOAD EDIT AUTOEXEC.NCF
You'll then be able to read it from there. (While you use the console, you're accessing the files as the supervisor.) You can probably use this password on other servers as well.
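The exposure described above can be audited from copies of each server's AUTOEXEC.NCF. This is an added example, not part of the original text: it reports which servers carry a cleartext remote password and which ones share it, without echoing the password. The server names and file contents are constructed samples.

```python
import hashlib
import re
from collections import defaultdict

# "load remote <password>" as the page shows it, matched case-insensitively.
LOAD_REMOTE = re.compile(r"^\s*load\s+remote\s+(\S+)", re.IGNORECASE)

def find_remote_passwords(ncf_text):
    """Return (line_number, password) for each cleartext LOAD REMOTE line."""
    hits = []
    for number, line in enumerate(ncf_text.splitlines(), start=1):
        match = LOAD_REMOTE.match(line)
        if match:
            hits.append((number, match.group(1)))
    return hits

def audit(servers):
    """servers maps server name -> AUTOEXEC.NCF text.
    Returns (findings, reused): findings lists (server, line_number) pairs;
    reused lists groups of servers that share one remote password."""
    findings = []
    by_digest = defaultdict(set)
    for name, text in sorted(servers.items()):
        for line_number, password in find_remote_passwords(text):
            findings.append((name, line_number))
            # Group by digest so the report never repeats the password itself.
            digest = hashlib.sha256(password.encode()).hexdigest()
            by_digest[digest].add(name)
    reused = sorted(sorted(g) for g in by_digest.values() if len(g) > 1)
    return findings, reused

# Constructed sample files; server names and contents are hypothetical.
SAMPLE = {
    "FS1": "file server name FS1\nipx internal net 1A2B3C4D\n"
           "load remote foobar\nload rspx\n",
    "FS2": "file server name FS2\nLOAD REMOTE foobar\nLOAD RSPX\n",
    "FS3": "file server name FS3\nload monitor\n",
}

def demo():
    return audit(SAMPLE)
```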
Once you get into a remote console, you can type config at the console prompt, which will show you the IPX network addresses this server is connected to. Write them down. Remember that each multihomed NetWare server is a router as well.
When you write down each network address and server name, you should have a pretty good idea of what the network looks like. Remember, servers that have a common network number live on the same network: A server between two networks acts as glue to tie everything together. Finally, type
display networks
at the console prompt to make sure you've diagrammed a router for each network.
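The diagramming steps above, worked through as an added example (not from the original text). It takes the numbers you wrote down by hand rather than parsing console output; the server names, network numbers and the note layout are constructed for illustration.

```python
from collections import defaultdict

def diagram(notes, displayed_networks):
    """notes: server -> (internal IPX net, [network numbers noted from config]).
    displayed_networks: network numbers copied from `display networks`.
    Returns (segments, routers, holes):
      segments: network number -> servers attached to it
      routers:  servers attached to more than one network
      holes:    displayed networks with no server attached to them"""
    segments = defaultdict(set)
    internal = set()
    routers = []
    for server, (internal_net, attached) in sorted(notes.items()):
        internal.add(internal_net.upper())
        nets = {n.upper() for n in attached}
        for net in nets:
            segments[net].add(server)
        if len(nets) > 1:
            routers.append(server)  # multihomed, so it routes between nets
    known = {n.upper() for n in displayed_networks}
    # Internal numbers are accounted for by the server that owns them.
    holes = sorted(known - internal - set(segments))
    ordered = {net: sorted(srv) for net, srv in sorted(segments.items())}
    return ordered, routers, holes

# Constructed notes, as you might have written them down.
NOTES = {
    "FS1": ("1A2B3C4D", ["0000AA01"]),
    "FS2": ("1A2B3C4E", ["0000AA01", "0000BB02"]),
    "FS3": ("1A2B3C4F", ["0000bb02"]),
}
DISPLAYED = ["1A2B3C4D", "1A2B3C4E", "1A2B3C4F",
             "0000AA01", "0000BB02", "0000CC03"]

def demo():
    return diagram(NOTES, DISPLAYED)
```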
If you have holes in the diagram (for example, if you see that you have network numbers that don't have servers attached to them), there might be router filters that are keeping you from seeing certain servers or routers. In this case, you might want to check out the track on console prompt command. It will open up the route tracking screen. It looks really nuts, but once you get a handle on what you're seeing, it will get easier to use (see Figure 24.6).
Figure 24.6 You can track routing requests through the NetWare route tracking screen.
Basically, two types of entries are shown on the route tracking screen: the IN entry and the OUT entry. The IN entry is where other servers and routers tell the server you're looking at about other networks. The OUT entry is where your server tells others about the networks it is connected to. We'll concentrate on the IN entry.