

Router Configuration

Can you telnet to the router? Cool. Oh no! It’s asking for a password. Hopefully, because you own this router, you have the password. (Check inside the manual’s front and back covers; some folks write it in one of those places.) If not, call the manufacturer for technical support. If the manufacturer won’t help you, don’t despair. Although you definitely should have the password in case you need to troubleshoot or reconfigure this router, you still can discover your network without it—it’ll just take a little more sleuthing.


Try the following passwords:
  manager
  security
  supervisor
  admin
  administrator
  root
  [ENTER]
  12345 (and variations on that)
  Your company name (or one word of your company name)

You’d be amazed at how many folks (particularly people who don’t document the networks they build) leave the “default” passwords on devices or simply pick “bad” passwords.


Being able to telnet into the router means that you can also create a status report on which interfaces are which network numbers. Write ’em down! Don’t know how to show the addresses on the router? Check the manual.


Many routers will show you which router commands are available if you type
   ?

or

   help

If you can’t find the manual in your shop, check the manufacturer’s Web site before buying another copy. Some manufacturers keep the manuals on the Web as a service to their customers.


Another cool and highly informative task you can perform while in the router is to dump the routing table. As nasty as that sounds, it just means that you’re going to list all the known routes to that router. All the routes that apply to your organization are going to be in the route table—be sure to write down the list of network numbers (even if the router is not connected to them) with their next hops. The next hop will be a router that knows something more about that network, and it’s more than likely only a hop or two away from the network. Repeat this process until you have all the networks written down with a corresponding router identification.


By convention, most routers for a given network segment have low node numbers, starting at 1 and working up to as many routers as there are on that segment.

Once you have an idea of which routers have which IP numbers, you should be able to start drawing a map. Start with the router, draw the network segments off of each, and then play “connect the dots.” That is, make correlations between which routers have common network numbers and then connect them (see Figure 24.1).


Figure 24.1  Once you’ve laid out your network pieces like Legos, you can then snap them together using common networks to reveal the entire picture.
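The "connect the dots" step can be done mechanically once the notes are typed in. The sketch below is an added example, not from the book; the router names, addresses and routes are constructed sample notes. It links routers that share a network number and lists next hops that belong to no router inventoried so far, which are the routers still to visit.

```python
import ipaddress
from collections import defaultdict

# Constructed notes from two routers visited so far (all values are made up):
# interface addresses, then (destination network, next hop) routing entries.
INTERFACES = {
    "rtr-a": ["192.168.1.1/24", "192.168.2.1/24"],
    "rtr-b": ["192.168.2.2/24", "192.168.3.1/24"],
}
ROUTES = {
    "rtr-a": [("192.168.3.0/24", "192.168.2.2"),
              ("192.168.4.0/24", "192.168.2.2")],
    "rtr-b": [("192.168.1.0/24", "192.168.2.1"),
              ("192.168.4.0/24", "192.168.3.2")],
}


def segments(interfaces):
    """Map each network number to the routers with an interface on it."""
    seg = defaultdict(set)
    for router, addrs in interfaces.items():
        for addr in addrs:
            seg[str(ipaddress.ip_interface(addr).network)].add(router)
    return {net: sorted(rtrs) for net, rtrs in seg.items()}


def links(interfaces):
    """Router pairs sharing a network number: the connect-the-dots step."""
    out = set()
    for net, rtrs in segments(interfaces).items():
        for i, a in enumerate(rtrs):
            out.update((a, b, net) for b in rtrs[i + 1:])
    return sorted(out)


def routers_to_visit(interfaces, routes):
    """Next hops owned by no inventoried router, with the networks behind them."""
    known = {ipaddress.ip_interface(a).ip
             for addrs in interfaces.values() for a in addrs}
    todo = defaultdict(set)
    for entries in routes.values():
        for dest, hop in entries:
            if ipaddress.ip_address(hop) not in known:
                todo[hop].add(dest)
    return {hop: sorted(dests) for hop, dests in todo.items()}


if __name__ == "__main__":
    print(links(INTERFACES), routers_to_visit(INTERFACES, ROUTES))
```

An empty result from `routers_to_visit` means every next hop in the notes maps to a router already on the drawing.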

Servers

If you have an idea of what the server names are, you’re one step further in the right direction. If not, you’ll have to perform name discovery. From an operational workstation, look at the DNS configuration. No DNS configuration? It’s possible—some sites don’t use DNS, but that’s very unlikely if the Internet is in the picture. If you’re sure that no DNS is available, you have two options for gathering hostnames and IP addresses of servers:

  Check the C:\Windows\HOSTS file on several functional workstations.
  Check the client configuration of several functional workstations.

For the second option, you’ll have to be familiar with the client (for example, the Telnet client). Many Telnet clients allow you to put a hostname or IP address in the command line that invokes the program, so check the properties of a working icon to glean hostnames or IP addresses (see Figure 24.2). It’s entirely possible that someone has set up an entire office using just IP addresses. I’ve seen it happen!


Figure 24.2  The “assessor” icon points to the program NetTerm but supplies the program with the command-line parameter of “assessor.”

If DNS is in the picture, you can usually dump the name table using nslookup, as discussed in Hour 20, “Network Troubleshooters Just Wanna Have Fun.” Remember, nslookup doesn’t work for Windows 9x; you’ll have to check out one of the nslookup equivalents. Some of the “network discovery” tools listed in the next section will also dump any given name table (see Figure 24.3).


Figure 24.3  Because nslookup isn’t an option for Windows 9x users, you’ll have to use a third-party utility. NS-Batch is one way to dump a DNS table.

Once you have either server names or IP addresses for your important servers, connect them to the appropriate segments laid out when you performed router discovery. If the servers are on a segment that you don’t know about, perform a “traceroute” to the server, which will show you the segments that it passes through. You can telnet to each hop (because it’s definitely a router), gather configuration information along the way, and flesh out your map.


Some people configure their name servers to disallow a name dump from an arbitrary workstation. This is a good security practice but a pain in the neck for network discovery. You’ll have to log in to the primary or secondary server and print out the DNS configuration file. On UNIX, you can usually take a look at the /etc/named.boot file:
   directory /usr/local/named
   primary mycompany.com named.company
   cache root.cache
   forwarders 192.168.1.10

This will point you to the data files. (In this case, this is a primary name server; it keeps its database for the zone in the named.company file. Because there’s a “directory” keyword in the boot file, you’ll specifically find the data file in /usr/local/named/named.company rather than in the /etc directory, which is the default.)
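The path resolution just described, as an added example that is not from the book: a small parser for the boot-file format that returns where each zone's data file lives. The `secondary` line in the sample is constructed to show the zone, master address, backup file form, and the /etc default follows the text above.

```python
import ipaddress
import posixpath

# The boot file shown above, embedded so the example runs offline, plus one
# constructed "secondary" line (zone, master address, backup file).
NAMED_BOOT = """\
; constructed sample based on the listing above
directory /usr/local/named
primary mycompany.com named.company
secondary branch.mycompany.com 192.168.1.20 named.branch
cache root.cache
forwarders 192.168.1.10
"""

DEFAULT_DIR = "/etc"  # assumed default, per the text, when no "directory" line


def _is_ip(token):
    """True when the token is an IP address (a master server, not a file)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def zone_files(boot_text, default_dir=DEFAULT_DIR):
    """Return {zone: (role, absolute data-file path)} for a boot file."""
    base, zones = default_dir, {}
    for raw in boot_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # ';' starts a comment
        if not fields:
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "directory" and args:
            base = args[0]  # applies to the file names that follow
        elif keyword == "primary" and len(args) >= 2:
            zones[args[0]] = ("primary", posixpath.join(base, args[1]))
        elif keyword == "secondary" and len(args) >= 2:
            # zone, one or more master addresses, then an optional backup file
            files = [a for a in args[1:] if not _is_ip(a)]
            if files:
                zones[args[0]] = ("secondary", posixpath.join(base, files[-1]))
    return zones


if __name__ == "__main__":
    for zone, (role, path) in zone_files(NAMED_BOOT).items():
        print(f"{zone:24} {role:10} {path}")
```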


