Can you telnet to the router? Cool. Oh no! It's asking for a password. Hopefully, because you own this router, you have the password. (Check inside the manual's front and back covers; some folks write it in one of those places.) If not, call the manufacturer for technical support. If the manufacturer won't help you, don't despair. Although you definitely should have the password in case you need to troubleshoot or reconfigure this router, you still can discover your network without it; it'll just take a little more sleuthing.
Try the following passwords:
- manager
- security
- supervisor
- admin
- administrator
- root
- [ENTER]
- 12345 (and variations on that)
- Your company name (or one word of your company name)
You'd be amazed at how many folks (particularly people who don't document the networks they build) leave the default passwords on devices or simply pick bad passwords.
Being able to telnet into the router means that you can also create a status report on which interfaces are which network numbers. Write 'em down! Don't know how to show the addresses on the router? Check the manual.
Many routers will show you which router commands are available if you type ? or help.
If you can't find the manual in your shop, check the manufacturer's Web site before buying another copy. Some manufacturers keep the manuals on the Web as a service to their customers.
Another cool and highly informative task you can perform while in the router is to dump the routing table. As nasty as that sounds, it just means that you're going to list all the known routes to that router. All the routes that apply to your organization are going to be in the route table; be sure to write down the list of network numbers (even if the router is not connected to them) with their next hops. The next hop will be a router that knows something more about that network, and it's more than likely only a hop or two away from the network. Repeat this process until you have all the networks written down with a corresponding router identification.
By convention, most routers for a given network segment have low node numbers, starting at 1 and working up to as many routers as there are on that segment.
Once you have an idea of which routers have which IP numbers, you should be able to start drawing a map. Start with the router, draw the network segments off of each, and then play connect the dots. That is, make correlations between which routers have common network numbers and then connect them (see Figure 24.1).
Figure 24.1 Once you've laid out your network pieces like Legos, you can then snap them together using common networks to reveal the entire picture.
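The connect-the-dots step above can be done mechanically from your written notes. This is an added example, not code from the book; the router names, addresses and routes are constructed sample data, and it assumes you recorded each router's interface addresses plus the (network, next hop) pairs from its routing table.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample notes, as written down from two routers (all values hypothetical).
INTERFACES = {
    "rtr-a": ["192.168.1.1/24", "192.168.2.1/24"],
    "rtr-b": ["192.168.2.2/24", "192.168.3.1/24"],
}
ROUTES = {  # router -> (destination network, next hop) for routes that are not directly connected
    "rtr-a": [("192.168.3.0/24", "192.168.2.2"), ("192.168.4.0/24", "192.168.2.2")],
    "rtr-b": [("192.168.1.0/24", "192.168.2.1"), ("192.168.4.0/24", "192.168.3.2")],
}

def segments(interfaces):
    """Map each network segment to the routers that have an interface on it."""
    seg = defaultdict(set)
    for router, addrs in interfaces.items():
        for addr in addrs:
            seg[ipaddress.ip_interface(addr).network].add(router)
    return dict(seg)

def links(interfaces):
    """Connect the dots: router pairs that share a common network number."""
    out = set()
    for net, routers in segments(interfaces).items():
        for a, b in combinations(sorted(routers), 2):
            out.add((a, b, str(net)))
    return sorted(out)

def still_to_visit(interfaces, routes):
    """Next hops that are not an interface of any router documented so far."""
    known = {ipaddress.ip_interface(a).ip for addrs in interfaces.values() for a in addrs}
    hops = {ipaddress.ip_address(h) for rs in routes.values() for _, h in rs}
    return sorted(str(h) for h in hops - known)

def unmapped_networks(interfaces, routes):
    """Networks that appear in a routing table but have no documented router attached."""
    seen = set(segments(interfaces))
    dests = {ipaddress.ip_network(n) for rs in routes.values() for n, _ in rs}
    return sorted(str(n) for n in dests - seen)

if __name__ == "__main__":
    print("links:", links(INTERFACES))
    print("routers still to visit:", still_to_visit(INTERFACES, ROUTES))
    print("networks not yet mapped:", unmapped_networks(INTERFACES, ROUTES))
```

When both of the last two lists come back empty, every network in the routing tables has a corresponding router on the map.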
If you have an idea of what the server names are, you're one step further in the right direction. If not, you'll have to perform name discovery. From an operational workstation, look at the DNS configuration. No DNS configuration? It's possible; some sites don't use DNS, but that's very unlikely if the Internet is in the picture. If you're sure that no DNS is available, you have two options for gathering hostnames and IP addresses of servers:
For the second option, you'll have to be familiar with the client (for example, the Telnet client). Many Telnet clients allow you to put a hostname or IP address in the command line that invokes the program, so check the properties of a working icon to glean hostnames or IP addresses (see Figure 24.2). It's entirely possible that someone has set up an entire office using just IP addresses. I've seen it happen!
Figure 24.2 The assessor icon points to the program NetTerm but supplies the program with the command-line parameter of assessor.
If DNS is in the picture, you can usually dump the name table using nslookup, as discussed in Hour 20, "Network Troubleshooters Just Wanna Have Fun." Remember, nslookup doesn't work for Windows 9x; you'll have to check out one of the nslookup equivalents. Some of the network discovery tools listed in the next section will also dump any given name table (see Figure 24.3).
Figure 24.3 Because nslookup isn't an option for Windows 9x users, you'll have to use a third-party utility. NS-Batch is one way to dump a DNS table.
Once you have either server names or IP addresses for your important servers, connect them to the appropriate segments laid out when you performed router discovery. If the servers are on a segment that you don't know about, perform a traceroute to the server, which will show you the segments that it passes through. You can telnet to each hop (because it's definitely a router), gather configuration information along the way, and flesh out your map.
Some people configure their name servers to disallow a name dump from an arbitrary workstation. This is a good security practice but a pain in the neck for network discovery. You'll have to log in to the primary or secondary server and print out the DNS configuration file. On UNIX, you can usually take a look at the /etc/named.boot file:

    directory /usr/local/named
    primary mycompany.com named.company
    cache root.cache
    forwarders 192.168.1.10

This will point you to the data files. (In this case, this is a primary name server; it keeps its database for the zone in the named.company file. Because there's a directory keyword in the boot file, you'll specifically find the data file in /usr/local/named/named.company rather than in the /etc directory, which is the default.)
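The path lookup described above, as an added example that is not part of the book: it reads a boot file, resolves each data file against the directory keyword, and reports whether zone dumps are restricted. It assumes the BIND 4.9 xfrnets directive, which does not appear on this page, as the boot-file setting that limits zone transfers; the xfrnets line in HARDENED is constructed.

```python
import posixpath

# Boot file text as shown above; HARDENED appends a constructed xfrnets line.
BOOT = """directory /usr/local/named
primary mycompany.com named.company
cache root.cache
forwarders 192.168.1.10
"""
HARDENED = BOOT + "xfrnets 192.168.1.0\n"

def parse_boot(text, default_dir="/etc"):
    """Parse a named.boot file into resolved data-file paths and transfer settings."""
    cwd = default_dir  # the text gives /etc as the default location
    cfg = {"zones": {}, "cache": None, "forwarders": [], "xfrnets": []}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # ';' starts a comment
        if not fields:
            continue
        key, args = fields[0].lower(), fields[1:]
        if key == "directory" and args:
            cwd = args[0]  # applies to the file names that follow
        elif key == "primary" and len(args) >= 2:
            cfg["zones"][args[0]] = posixpath.join(cwd, args[1])
        elif key == "cache" and args:
            cfg["cache"] = posixpath.join(cwd, args[-1])  # file name is the last field
        elif key in ("forwarders", "xfrnets"):
            cfg[key].extend(args)
    return cfg

def transfers_restricted(cfg):
    """True when xfrnets limits which networks may request a zone dump."""
    return bool(cfg["xfrnets"])

if __name__ == "__main__":
    for name, text in (("as shown", BOOT), ("with xfrnets", HARDENED)):
        cfg = parse_boot(text)
        print(name, cfg["zones"], "restricted:", transfers_restricted(cfg))
```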