The IN entry contains a bracketed number such as
[0000001D:0000C91D5488], for example. That number is the address of
the foreign router. You can try to use this address in RCONSOLE by
hitting the Insert key instead of picking a server name. Then you can
enter that address number and attempt to connect. This way, you can
connect to a server even if it doesn't appear on the server list.
Of course, you don't have to do any of this remote stuff if you know
where the servers are. You can simply take a couple of hours to travel
around your campus, gather the network information from each console,
and stitch it all together into a bona fide network map. Of course,
because Novell servers also use TCP/IP, the techniques used in the
previous section are applicable as well.
Summary
Once you understand the underlying technology of a network,
reverse-engineering it isn't hard. However, getting an inductive tone
set is a must if you have a lot of unlabeled cables.
From a protocol and network perspective, if servers can talk to each
other and to workstations, there's always a "trail" that you can
follow. Typically, once you identify the network "glue" that holds the
network together, the rest falls into place after a little bit of
research. If you have a TCP/IP network, you're in luck, because you
can use automated discovery tools to your advantage.
Novell networks are reasonably simple to reverse-engineer; it's just a
matter of getting access to the server consoles, either remotely or
locally. If you run a mixed IPX/SPX and TCP/IP Novell environment,
you'll have to use IPX/SPX and TCP/IP discovery techniques.
Workshop
Q&A
Q Some of this network discovery stuff looks like cracker-type
espionage. Are you sure I should be doing this?
A If the network that you're performing a discovery on isn't a network
that you're responsible for, definitely not. It's considered
antisocial and possibly illegal to gather this type of information
without authorization. However, if you're the person responsible for
this network, you've got to know this information. If someone has not
left you a paper trail, you must create one. Just as in the movies,
the good guys use some of the same tools as the bad guys; it just
depends what your motives and responsibilities are.
Q Any more tips for TCP/IP discovery without automation tools?
A Sure, but isn't it worth $15 to save a couple of hours of your time?
I highly recommend the automated discovery tools. I have lost hours of
my life manually discovering networks that I could have otherwise
spent doing something fun or productive.
One additional thing you can do to dump routing tables if your routers
are inaccessible is to load Microsoft's routing on a test NT server,
have it participate in the TCP/IP routing protocols running on your
network, and then dump the routing table by typing the following
command:
netstat -rn
You can do a similar thing if you have a Linux box; just add the
"gated" package to it, have it listen for RIP, and see if you discover
anything. This seems like a lot of work compared to downloading and
buying a cheap Windows utility, though, doesn't it?
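Once you have the netstat -rn dump, pulling the routers out of it can be done mechanically. The following Python sketch is an added example, not part of the original text; it assumes the five-column Windows NT layout of the routing table, and the sample table and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the Windows NT "netstat -rn" layout (not from a real host).
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10      1
        10.20.0.0      255.255.0.0    192.168.1.254    192.168.1.10      2
        10.30.4.0    255.255.255.0    192.168.1.254    192.168.1.10      3
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10      1
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1      1
    192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10      1
        224.0.0.0        224.0.0.0     192.168.1.10    192.168.1.10      1
"""

def parse_routes(text):
    """Yield (network, gateway, interface, metric) for each IPv4 route row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # titles, column headers, blank lines
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gw, iface = (ipaddress.ip_address(p) for p in parts[2:4])
            metric = int(parts[4])
        except ValueError:
            continue  # five tokens, but not a route row
        yield net, gw, iface, metric

def routers_and_networks(text):
    """Map each next-hop router to the remote networks reached through it."""
    via = defaultdict(list)
    for net, gw, iface, metric in parse_routes(text):
        # A directly attached route lists the host's own interface (or
        # loopback) as its gateway; any other gateway is a router.
        if gw == iface or gw.is_loopback:
            continue
        via[str(gw)].append((str(net), metric))
    return {gw: sorted(nets) for gw, nets in via.items()}

if __name__ == "__main__":
    for gw, nets in routers_and_networks(SAMPLE).items():
        for net, metric in nets:
            print(f"router {gw} -> {net} (metric {metric})")
```

Each router it reports is the next console or routing table to visit when stitching the map together.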
Quiz
1. The "generator" part of an inductive tone generator/tracer pair
should be put where?
A. At the "far end," away from where most cables terminate
B. At the "concentrator" end, where most cables terminate
C. In the middle of the cable
D. None of the above
2. The first thing to find when performing network discovery
is the address of a what?
A. Server
B. Novell file and print service
C. Web server
D. Router
3. True or false? Once you discover all the routers on your
network, it's a simple matter to map all the servers to where
they belong.
4. True or false? All TCP/IP networks use DNS.
5. You can't find a DNS server for a network that you've been
hired to reverse-engineer. A sensible way to find host
addresses would be to check the ________________ of a
functional PC.
A. network card
B. router entry
C. client application configuration
D. destination hop
6. True or false? All ports should be scanned on every
possible IP address on your network.
7. The RCONSOLE password for a Novell server resides where?
A. SYS:SYSTEM\AUTOEXEC.NCF
B. SYS:PUBLIC\AUTOEXEC.NCF
C. SYS:SYSTEM\AUTOEXEC.BAT
D. SYS:PUBLIC\AUTOEXEC.BAT
Answers to Quiz Questions
1. A
2. D
3. True
4. False
5. C
6. False. First you should scan possible IP addresses for a
common port and then go back and scan that address for more
port possibilities.
7. A