I’ve been spending some time doing a complete inventory of a rather complex IT environment, with more firewalls, servers, weird networking and all-round oddness than you could imagine. The network has around 10,000 IP devices and has grown fairly organically, with various organisations having been responsible for its upkeep, to varying levels of quality.
The need was for a “point in time” inventory of what’s out there. We didn’t have the use of a big tool like centinel, nor did we wish to use the existing network management tools (so as to get an independent result). Oh, and I had limited admin access rights.
Here’s how I did it
Largely, the work was split into two pieces: a Wintel audit and a “non-Wintel” audit, encompassing networks, printers, switches, SANs and so on.
The Wintel audit was fairly easy. I cobbled together a VBScript to query machines using WMI and pull back installed software, machine spec and so on, just the basic information you might want if you need to make migration decisions. I’ll post the script in my next blog entry.
The non-Wintel audit was more involved. Firstly, I used nmap to scan every IP device. It takes an “educated guess” as to what the device is, and does a reasonable job. The most surprising finding was that there was quite a lot of Wintel kit in here that I hadn’t picked up, because those machines were in different domains and workgroups. These were then added to the Wintel audit.
This gave me an outline of what to look for and how to investigate.
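As an added example (not the original post’s script), this is the kind of reconciliation the nmap sweep enables: parse nmap’s standard XML output, bucket each live host from its OS guess and open services, and list the Windows-looking hosts the WMI audit never reached. The XML, the hostname `fileserver01` and the audit list are constructed for the example, not captured from the estate.

```python
"""Reconcile an nmap sweep with a Wintel (WMI) audit.

Added example, not the script from the original post. It assumes nmap's
standard XML output (-oX) and a constructed list of the machines the WMI
script reached; the XML below is constructed to mirror that layout."""
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass, field

# Constructed nmap -oX excerpt: three live hosts and one that was down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.0.1.10" addrtype="ipv4"/>
    <hostnames><hostname name="fileserver01" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2003" accuracy="96"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.0.1.50" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="9100"><state state="open"/><service name="jetdirect"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
    <os><osmatch name="HP LaserJet printer" accuracy="90"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.0.2.7" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="92"/></os>
  </host>
  <host><status state="down"/><address addr="10.0.2.8" addrtype="ipv4"/></host>
</nmaprun>
"""

# Hostnames the (constructed) WMI audit actually reached.
SAMPLE_WINTEL_AUDIT = {"fileserver01"}


@dataclass
class Host:
    ip: str
    name: str
    os_guess: str
    open_ports: set = field(default_factory=set)
    services: set = field(default_factory=set)
    category: str = "unknown"


def classify(host):
    """Coarse bucket from nmap's OS guess plus open services; the guess is
    only an educated one, so the port evidence is checked as well."""
    guess = host.os_guess.lower()
    if "windows" in guess or host.open_ports & {139, 445, 3389}:
        return "wintel"
    if "printer" in guess or "jetdirect" in host.services or 9100 in host.open_ports:
        return "printer"
    if any(k in guess for k in ("cisco", "ios", "switch", "router")):
        return "network"
    return "other"


def parse_nmap(xml_text):
    """Return one Host per live host in an nmap XML document."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # down or filtered hosts carry no inventory data
        addr = h.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        name_el = h.find("hostnames/hostname")
        osm = h.find("os/osmatch")
        host = Host(
            ip=addr.get("addr"),
            name=name_el.get("name") if name_el is not None else "",
            os_guess=osm.get("name") if osm is not None else "",
        )
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is not None and state.get("state") == "open":
                host.open_ports.add(int(p.get("portid")))
                svc = p.find("service")
                if svc is not None and svc.get("name"):
                    host.services.add(svc.get("name"))
        host.category = classify(host)
        hosts.append(host)
    return hosts


def summarise(hosts):
    """Device counts per category: the outline to investigate from."""
    return dict(Counter(h.category for h in hosts))


def wintel_gaps(hosts, audited_names):
    """Windows-looking hosts the WMI audit never reached (e.g. machines in
    another domain or workgroup), returned as IPs to feed back into the audit."""
    audited = {n.lower() for n in audited_names}
    return sorted(h.ip for h in hosts
                  if h.category == "wintel" and h.name.lower() not in audited)


if __name__ == "__main__":
    found = parse_nmap(SAMPLE_NMAP_XML)
    print(summarise(found))                         # {'wintel': 2, 'printer': 1}
    print(wintel_gaps(found, SAMPLE_WINTEL_AUDIT))  # ['10.0.2.7']
```

The classification deliberately checks open ports as well as nmap’s OS match, because the OS guess alone is only an educated one; anything that falls into “other” is the list of oddities to pick off by hand later.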
There were hundreds of printers on the estate, almost all HP. nmap had done a reasonable job of guessing the type, but it wasn’t precise. To pin that down, I fired up HP JetDirect tools, a little lightweight tool that HP no longer provides in this basic form. A shame, because it’s all that’s needed. I just gave it the IP addresses relating to HP printers and it went off and queried them. Minutes later, I had NetBIOS names and proper printer models. Lovely.
I didn’t have full access to the networking devices, but I did have the SNMP community strings. Therefore I used Billy the Kid’s Cisco SNMP tool.
I simply fed in the switch’s IP address and the community string, and the tool retrieved the switch’s CDP neighbours, helpfully giving me the model names and IP addresses of the Layer-2 connected switches. From this, I was not only able to build a network map, I was able to make the inventory far more accurate.
However, there was an area that was, by design, hidden from view. The client has multiple connections to multiple systems, so has a myriad of firewalls and DMZs. I peered through the firewall rulesets to see whether I could find equipment on the network that was hidden from ICMP scans. Easy on the Cisco ASDM, Check Point FW-1 and the Juniper; slightly more complex reading the config of an old PIX! Doing this enabled me to find servers, switches and more firewalls behind firewalls.
Then it was just a case of manually picking off the oddities. The nmap scan found lots of Sun boxes; helpfully for me, they all revealed their machine name when I FTPed to them or ran finger @machinename. Almost all other devices, such as APC power strips and specialised printers, told me enough to be useful when I connected via Telnet, SSH, HTTP or HTTPS. I even found a plasma screen that talks IP!
The result? An asset list that’s about double the previous list... and a lot of “must improve housekeeping” to do!
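The ruleset trawl can be mechanised. As an added example (not from the original post), the script below pulls the single addresses and subnets an ASA/PIX-style config refers to and compares them with what the sweep reported as up, so that anything the firewall knows about but the scan never saw becomes a list to chase. The config fragment, its object names and the scanned-host set are constructed; the syntax assumed is the Cisco `object network ... host`, `subnet`, `access-list ... host` and `static` forms.

```python
"""Find devices that firewall rules reference but the ICMP/port sweep never saw.

Added example, not from the original post. It assumes Cisco ASA/PIX-style
syntax for 'object network ... host', 'subnet', 'access-list ... host' and
'static' lines; the config and the scanned-host set are constructed."""
import ipaddress
import re

# Constructed ASA/PIX-style fragment (RFC 1918 and documentation addresses).
SAMPLE_FW_CONFIG = """\
hostname dmz-fw-01
object network web1
 host 192.168.50.10
object network db-cluster
 subnet 192.168.60.0 255.255.255.0
access-list outside_in extended permit tcp any host 192.168.50.10 eq 443
access-list outside_in extended permit tcp any host 192.168.50.11 eq 22
access-list dmz_out extended permit udp host 192.168.50.11 host 10.0.3.5 eq 514
static (inside,outside) 203.0.113.20 10.0.3.30 netmask 255.255.255.255
"""

# Constructed set of addresses the nmap sweep reported as up.
SAMPLE_SCANNED_UP = {"192.168.50.10", "10.0.3.5"}

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def _valid(ip):
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False


def referenced_hosts(config):
    """Single addresses the ruleset names: 'host X' operands plus the local
    (real) side of static NATs. The global NAT address is a translation,
    not a device, so it is left out."""
    hosts = set(re.findall(r"\bhost " + IPV4, config))
    for _global, local in re.findall(r"^static \([^)]*\) (\S+) (\S+)", config, re.M):
        hosts.add(local)
    return {h for h in hosts if _valid(h)}


def referenced_subnets(config):
    """Whole ranges the ruleset names via 'subnet ADDR MASK'."""
    nets = []
    for addr, mask in re.findall(r"^\s*subnet " + IPV4 + " " + IPV4, config, re.M):
        try:
            nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
        except ValueError:
            pass  # malformed line: skip it rather than abort the whole parse
    return nets


def hidden_hosts(config, scanned_up):
    """Addresses the firewall knows about but the sweep did not see,
    sorted numerically and returned as strings."""
    missing = referenced_hosts(config) - set(scanned_up)
    return [str(ip) for ip in sorted(map(ipaddress.ip_address, missing))]


def unscanned_ranges(config, scanned_up):
    """Subnets in the ruleset with no scanned host inside them: ranges the
    sweep may never have reached at all."""
    seen = [ipaddress.ip_address(ip) for ip in scanned_up]
    return [str(n) for n in referenced_subnets(config)
            if not any(ip in n for ip in seen)]


if __name__ == "__main__":
    print(hidden_hosts(SAMPLE_FW_CONFIG, SAMPLE_SCANNED_UP))     # ['10.0.3.30', '192.168.50.11']
    print(unscanned_ranges(SAMPLE_FW_CONFIG, SAMPLE_SCANNED_UP)) # ['192.168.60.0/24']
```

A Check Point or Juniper export needs its own extractor, but the comparison step is the same: the set of addresses the rulebase mentions minus the set the scan confirmed is exactly the list of things behind firewalls that still need a name and an owner.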