Workshop

For the second option, you’ll have to be familiar with the client (for example, the Telnet client). Many
Telnet clients allow you to put a hostname or IP address in the command line that invokes the program,
so check the properties of a working icon to glean hostnames or IP addresses (see Figure 24.2). It’s
entirely possible that someone has set up an entire office using just IP addresses. I’ve seen it happen!
Figure 24.2 The “assessor” icon points to the program NetTerm but supplies the program with the
command-line parameter of “assessor.”
If DNS is in the picture, you can usually dump the name table using nslookup, as discussed in Hour
20, “Network Troubleshooters Just Wanna Have Fun.” Remember, nslookup doesn’t work for
Windows 9x; you’ll have to check out one of the nslookup equivalents. Some of the “network
discovery” tools listed in the next section will also dump any given name table (see Figure 24.3).
Figure 24.3 Because nslookup isn’t an option for Windows 9x users, you’ll have to use a third-party
utility. NS-Batch is one way to dump a DNS table.
Once you have either server names or IP addresses for your important servers, connect them to the
appropriate segments laid out when you performed router discovery. If the servers are on a segment that
you don’t know about, perform a “traceroute” to the server, which will show you the segments that it
passes through. You can telnet to each hop (because it’s definitely a router), gather configuration
information along the way, and flesh out your map.
Some people configure their name servers to disallow a name dump from an arbitrary workstation. This is
a good security practice but a pain in the neck for network discovery. You’ll have to log in to the primary
or secondary server and print out the DNS configuration file. On UNIX, you can usually take a look at the
/etc/named.boot file:
directory /usr/local/named