How To Reverse Engineer A Network

Hi everyone,

Is there any way for someone to "reverse engineer" a network?
I am looking through thousands and thousands of lines of config and I don't even know how to start off.
Especially those router ospf 1 network x.x.x.x commands.

Find more posts tagged with

Comments

negru_tudor

Start off simple I guess:

- use CDP/LLDP and Telnet/SSH to draw a network topology
- use "show ip int brief" on each device to get some info on connected interfaces etc.
- use the "show ip prot" command to see what routing protocols you've deployed
- look for L2 trunks/etherchannels between switches and try to draw up a STP diagram (root ports, designated, blocking etc).

Then you could go more deep and look for tunnels, ACLs, QoS etc.

I don't think there's a "one way" to do things. Just start off with whatever you're most comfortable with and build upon that I guess.

Hondabuff

dppagc wrote: »

Hi everyone,

Is there any way for someone to "reverse engineer" a network?
I am looking through thousands and thousands of lines of config and I don't even know how to start off.
Especially those router ospf 1 network x.x.x.x commands.

We will assume that you are a server guy and your network guy quit or got fired. Take tudors advice or download a trial version of Netbrain and run it on your network and see what the topology comes out as. Any Jr. Network Engineer should be able to complete this task with out too much trouble. Mapping out unknown networks is as much fun as hunting for a burnt out bulb in a strand of Christmas lights. Document, Document, Document!!

mbarrett

Documentation comes to mind. Or start talking to people.
If you are truly running 100% blind there are some basic assumptions you can make based on your organization, offices, everyone who "should" have service. Work backwards off of what you already know.

networker050184

When doing something like this I prefer to start at a much higher level than jumping in the configs. Learn "what" the network is doing before "how" its being done.

Legacy User

Is there any documentation/diagrams of the network? Issuing the show commands mentioned by negru_tudor would get you started but it will be a pain to get the high level view without a visual representation of the network. Try Netbrain.. I haven't used it but based on the ads I seen should be able to map out your network.

beads

Visio is your friend when other tools are unavailable (NetBrain is awesome). NMap can give you a start as well. Your premise question to many of us would be: Yes, easily once you have some practice doing it.

- b/eads

dppagc

I am not a server guy.
Unfortunately, the team taking over says that the old documentation may be wrong.
I don't know how to start with thousands of line of config.

networker050184

As I said, don't start with the config. Start with a general understanding of what the network is doing. If you know whats going on then the config will become more clear.

beads

dppagc;

Your documentation is "wrong" or out of date everytime you make the slightest change to the network. No worries there. Start by identifying your Class address(es), ping sweep those and start drawing. You'll probably be shocked how complex your network really is in short order.

Don't worry. Without an automapper running your documentation already sucks. Its a matter of coming to terms with not knowing everything.

- b/eads

daveyb

beads wrote: »

Start by identifying your Class address(es),

Your what now? Classful addressing was deprecated over 20 years ago.

beads

Perhaps daveyb misunderstands the initial concept here. Allow me to be a bit more pragmatic for you. Start by understanding what addressing your "supposed" to be using internally. I've seen far too many 10.0.0.0/8 addresses used in enterprise networks, even small SMB's where a series of class B's or C's would be much more helpful. Does what your seeing match what your actually using or not? Oft times they have only a little in common with "what they should be doing" DHCP is another one service that gets readily abused and needs to be reigned in so look there.

Sorry, daveyb with small letters that I wasn't clear enough. What did you think I meant?

Pedantic lately?

- b/eads