Previous Table of Contents Next Automatic for the People A couple of network discovery tools are available for your use. They are very useful and usually cost less than $100, making them, in my opinion, quite a bargain for what they allow you to accomplish. They work by performing the tasks that you or I would do: running traceroutes, performing name lookups, opening sockets on a destination to see whether they're listening, and so on. However, because a computer has infinite patience doing the most boring and repetitive of tasks, a network discovery tool is much more complete than you or I would be! In particular, these automatic network discovery tools will take a range of IP addresses and systematically ping and check many common service ports on each destination. For a large network, this can be tens of thousands of checks (assuming that it checks twenty or so services on each destination, and that there are 254 possible host numbers on a network, and that you have a couple of networks). What's more, if you leave your automatic discovery tool running overnight, you'll have lots of answers in the morning without losing a bit of sleep! What about proprietary socket numbers for services such as Lotus Notes or GroupWise? Don't worry about them. Once you identify that a server is running at a certain IP address, you can do a more thorough port scan (see Figure 24.4). [24-04t.jpg] Figure 24.4 Port scanners such as the Internet Anywhere Toolkit can discover "listening" ports on a server, out of thousands of possibilities. Here's the rule of thumb: Even though it's possible to scan every single port in the world using these tools, you're probably best off scanning for a common "server" port, such as telnet (23), SMTP (25), or NetBIOS (139), on all addresses and then performing a more thorough scan on a machine once you find one that offers a common service. SNMP scanners are also pretty good for network discovery. Although SNMP is a UDP service and therefore can't have a "connection," a program that "understands" SNMP can send SNMP datagrams to a range of TCP/IP addresses and report to you which ones respond. Those that do are likely servers, routers, switches, or "smart" hubs. You can find these types of tools at the following sites: o www.tnsoft.com o www.solarwind.net o www.tucows.com o www.shareware.com For the last two sites, you'll want to look under "Network Tools." TCP/IP Review Let's review the salient points of TCP/IP network discovery. You have "known factors" in your "unknown network," such as functioning workstations and/or servers that you can physically get to. You can gather information from these known factors (such as TCP/IP addresses, name server addresses, router addresses, and server addresses) and write down a skeleton of your network that you can then flesh out. Once you have the addresses of routers on your network, you can telnet to those routers, check out the routing tables, and further discover more network segments. You can use the next hop as a clue to the next router and then repeat this process as often as necessary. TCP/IP network discovery can be a long and drawn out process, particularly when large numbers of hosts are involved; in this case, automated discovery tools can really help. IPX/SPX Discovery Novell servers announce themselves to the network, so it's usually pretty easy to identify them. I tend to concentrate on the NLIST utility from a DOS prompt to show me the name of all NetWare servers (see Figure 24.5). If you're a NetWare 3.x user, you can use the SLIST utility instead to identify which servers you have. The NLIST or SLIST utility will show you the servers' internal IPX addresses-be sure to write them down. [24-05t.jpg] Figure 24.5 You can look for servers on a NetWare network by using the nlist command. To only list bindery-compatible servers, use the /B option. Once you have IPX server names, you can then use the RCONSOLE utility (assuming that the servers are in an unknown location) to connect to the servers. As with TCP/IP routers, you'll need to know the password. ______________________________________________________________ If you don't know the RCONSOLE password for your Novell servers, you can still get in if you have the appropriate permission to read the SYS:SYSTEM\AUTOEXEC.NCF file. Just look for a line that reads something like this: load remote foobar The last word is the remote password (in this case, "foobar.") Secure, huh? It's a reasonable bet that if you find one remote password, it will be valid for each server. If you can't read the AUTOEXEC.NCF file but you have access to the console of one of your servers, you can type the following: LOAD EDIT AUTOEXEC.NCF You'll then be able to read it from there. (While you use the console, you're accessing the files as the supervisor.) You can probably use this password on other servers as well. ______________________________________________________________ Once you get into a remote console, you can type config at the console prompt, which will show you the IPX network addresses this server is connected to. Write them down. Remember that each multihomed NetWare server is a router as well. When you write down each network address and server name, you should have a pretty good idea of what the network looks like. Remember, servers that have a common network number live on the same network: A server "between" two networks acts as glue to tie everything all together. Finally, type display networks at the console prompt to make sure you've diagramed a router for each network. If you have "holes" in the diagram-for example, if you see that you have network numbers that don't have servers attached to them-there might be router "filters" that are keeping you from seeing certain servers or routers. In this case, you might want to check out the track on console prompt command. It will open up the "route tracking" screen. It looks really nuts, but once you get a handle on what you're seeing, it will get easier to use (see Figure 24.6). [24-06t.jpg] Figure 24.6 You can track routing requests through the NetWare route tracking screen. Basically, two types of entries are shown on the route tracking screen: the IN entry and the OUT entry. The IN entry is where other servers and routers tell the server that you're looking at other networks. The OUT entry is where your server tells others about the networks it is connected to. We'll concentrate on the IN entry. Previous Table of Contents Next