Unraveling a Network

Giles

Does anyone have a certain procedure or protocol to follow when it comes to assessing a network pretty much blindly?

The place I'm working at has zero documentation on the network, and the person who set it up is long gone. No one really has any idea of how it was set up. There are switches, and a SonicWall, but no login credentials.

Part of me thinks, it'd be easier to rip it all out and replace, but not sure if they're willing to pay for that much work.

I've discovered they've got two networks: one for guests and one for the office. It's a large resort and I know I can eventually unravel the mystery, but wanted to see if anyone had any tips on doing a network discovery on an abandoned network.
 
Start by doing some network scans with something like Advanced IP Scanner.

Hopefully the networks are giving out DHCP and you can connect and hopefully run an IP scan to see what IP addresses are up.

From there I would run Zenmap to get a better idea of what each device is and the ports it has open.

From there, start trying to connect to any commonly open ports such as 21, 22, 23, 80, 443, 8080, etc. and see what responds.

This should help you figure out what the device is. Once you know that, start trying default credentials for each device to see if you can get in.

And of course document as you go.

Also ask around if anyone has any notes. I often find it's the strangest people who will have a password or notes on a network. Be sure to see if they have any other commonly used passwords; people often reuse the same passwords over and over.

As a last resort you can start unplugging things and see who comes running complaining of an outage.

Sent from my SM-G870W using Tapatalk
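
The "document as you go" step from the post above, as an added example that is not part of the thread: Python that turns scan results saved as Nmap XML (`nmap -oX`, which Zenmap can also save) into inventory rows, one per live host. The sample XML, its addresses and names, and the `cleartext_mgmt`, `location` and `notes` columns are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX` output; every address, MAC,
# vendor and hostname below is made up for illustration.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/>
  <address addr="192.168.10.1" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:01" addrtype="mac" vendor="ExampleFirewallCo"/>
  <ports>
   <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
   <port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
  </ports></host>
 <host><status state="up"/>
  <address addr="192.168.10.2" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:02" addrtype="mac" vendor="ExampleSwitchCo"/>
  <hostnames><hostname name="sw-lobby" type="PTR"/></hostnames>
  <ports>
   <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
  </ports></host>
 <host><status state="down"/><address addr="192.168.10.3" addrtype="ipv4"/></host>
</nmaprun>"""

# Ports from the post that usually mean an unencrypted admin/login service.
CLEARTEXT = {"21", "23", "80", "8080"}

def attr(elem, name):
    """Attribute of an optional element, or '' when the element is absent."""
    return elem.get(name, "") if elem is not None else ""

def build_inventory(xml_text):
    """One row per host that answered, listing only ports reported open."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if attr(host.find("status"), "state") != "up":
            continue
        mac = host.find("address[@addrtype='mac']")
        ports = [(p.get("portid"), attr(p.find("service"), "name") or "?")
                 for p in host.findall("ports/port")
                 if attr(p.find("state"), "state") == "open"]
        rows.append({
            "ip": attr(host.find("address[@addrtype='ipv4']"), "addr"),
            "mac": attr(mac, "addr"), "vendor": attr(mac, "vendor"),
            "hostname": attr(host.find("hostnames/hostname"), "name"),
            "open_ports": " ".join(f"{n}/{s}" for n, s in ports),
            "cleartext_mgmt": any(n in CLEARTEXT for n, _ in ports),
            "location": "", "notes": "",  # filled in by hand while tracing cables
        })
    return rows
```

The rows are plain dicts, so they can be written out with `csv.DictWriter` and kept alongside the photos and port labels.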
 

Got Advanced IP scanner ready to go, but I had forgotten about ZenMap! Apparently there is one person who knows a little, but I'm not getting my hopes up. These are the same folks with the Mitel phones.
 
Don't forget to do physical labeling. As in ports, patch panels, and interconnect patch cables. I know you're starting out again, but if there's a hardware big box you can pick up a toner and wand, which will help trace cable. https://www.homedepot.com/p/Fluke-Networks-Pro-3000-Tone-and-Probe-Kit-26000-900/202290922 It's an essential tool for dealing with data and voice cabling.

And take plenty of pictures. For equipment make sure to include front, back and label.
 
Does anyone have a certain procedure or protocol to follow when it comes to assessing a network pretty much blindly?

  1. Pull out a network connection.
  2. Wait for an employee to shout "my internet's not working!".
  3. Shout back "what's your name?".
  4. User replies "John".
  5. Plug network connection back in and shout "are you back on now, John?".
  6. If user replies "Yes, thanks" ....
  7. Write down the port number and add a note: "Connects to John's computer".
  8. Return to step 1 and repeat.

;)


But seriously, I'd simply start by working through the network, connection by connection, labelling and documenting everything. Once you have it all mapped out, you can assess what needs to be done (and quote/advise accordingly).
 
Part of me thinks, it'd be easier to rip it all out and replace, but not sure if they're willing to pay for that much work.

To be honest....don't discount the fact that it is probably cheaper for the client to have you rip/replace everything from scratch. You can spend hours...and hours...trying to figure out existing medium or larger sized "undocumented" networks. And unless you're volunteering your time, those charges can really add up to a large invoice to the client!! I recommend just sitting back and discussing the client's needs, and coming up with a whole new setup for the network (which will likely be much better, more secure, better performing), new equipment that is easily remotely managed (like Ubiquiti or Datto), and just starting from scratch.
 
LOL that is hilarious. And that's really what I ended up doing. I have made a lot more sense of it today.
 
Good point. I made some good progress today just going piece by piece. I may not have to do a complete rip and replace, but at least a partial.
 
I do have a toner and it has been a big help. Fortunately, they have a well labeled patch panel, which helped.
 