Chapter 6. Device Discovery and Mapping
The earlier chapters in this book focused on collecting information on the smaller parts of a network, such as the configuration of an individual computer or the path between a pair of computers. Starting
with this chapter, we will broaden our approach and look at tools more suited to collecting information on IP networks as a whole. The next three closely related chapters deal with managing and
troubleshooting devices distributed throughout a network. This chapter focuses on device discovery and mapping. Additional techniques and tools for this purpose are presented in Chapter 7, once Simple Network Management Protocol (SNMP) has been introduced. Chapter 8 focuses on the collection of information on traffic patterns and device utilization throughout the network.
This chapter begins with a brief discussion of the relationship between network management and troubleshooting. This is followed by a discussion of ways to map out the IP addresses that are being
used on your network and ways to find which IP addresses correspond to which hosts. This is followed by a description of ways to discover more information on these hosts based on the network
services they support and other forensic information. The chapter briefly discusses scripting tools, then describes the network mapping and monitoring tool, tkined. The chapter concludes with a brief
description of related tools for use with Microsoft Windows platforms.
6.1 Troubleshooting Versus Management
Some of the tools in the next few chapters may seem only marginally related to troubleshooting. This is not a totally unfair judgment. Of course, troubleshooting is an unpredictable business, and any tools
that can provide information may be useful in some circumstances. Often you will want to use tools that were designed with another purpose in mind.
But these tools were not included just on the off chance they might be useful. Many of the tools described here, while typically used for management, are just as useful for troubleshooting. In a very
real sense, troubleshooting and management are just different sides of the same coin. Ideally, management deals with problems before they happen, while troubleshooting deals with problems after
the fact. With this in mind, it is worth reviewing management software with an eye on how it can be used as troubleshooting software.
6.1.1 Characteristics of Management Software
Everyone seems to have a different idea of exactly what management software should do. Ideally, network management software will provide the following:
Discovery and mapping
Discovery includes both the automatic detection of all devices on a network and the collection of basic information about each device, such as the type of each device, its MAC address and IP address, the type of software being used, and, possibly, the services it provides. Mapping is the creation of a graphical representation of the network showing individual interconnections as well as overall topology.
Event monitoring
Once a picture of the network has been created, each device may be monitored to ensure continuous operation. This can be done passively, by waiting for the device to send an update
or alert, or by actively polling the device.
Remote configuration
You should be able to connect to each device and then examine and change its configuration. It should also be possible to collectively track configuration information, such as which IP addresses are in use.
Metering and performance management
Information on resource utilization should be collected. Ideally, this information should be available in a usable form for purposes such as trend analysis and capacity planning.
Software management
Being able to install and configure software remotely is rapidly becoming a necessity in larger organizations. Being able to track licensing can be essential to avoid legal problems. Version management is also important.
Security and accounting
Depending on the sensitivity of data, the organization's business model, and access and billing policies, it may be necessary to control or track who is using what on the network.
It doesn't take much imagination to see how most of these functions relate to troubleshooting. This chapter focuses on discovery and mapping. Chapter 7 will discuss event monitoring and the remote configuration of hardware and software. Metering and performance management are discussed in Chapter 8. Security is discussed throughout the next three chapters as appropriate.
6.1.2 Discovery and Mapping Tools