Chapter 6. Device Discovery and Mapping
The earlier chapters in this book focused on collecting information on the smaller parts of a network, such as the configuration of an individual computer or the path between a pair of computers. Starting with this chapter, we will broaden our approach and look at tools more suited to collecting information on IP networks as a whole. The next three closely related chapters deal with managing and troubleshooting devices distributed throughout a network. This chapter focuses on device discovery and mapping. Additional techniques and tools for this purpose are presented in Chapter 7, "Device Monitoring with SNMP", once Simple Network Management Protocol (SNMP) has been introduced. Chapter 8, "Performance Measurement Tools", focuses on the collection of information on traffic patterns and device utilization throughout the network.
Contents:
Troubleshooting Versus Management
Mapping or Diagramming
Politics and Security
This chapter begins with a brief discussion of the relationship between network management and troubleshooting. It then discusses ways to map out the IP addresses that are being used on your network and ways to find which IP addresses correspond to which hosts. Next comes a description of ways to discover more information on these hosts based on the network services they support and other forensic information. The chapter briefly discusses scripting tools, then describes the network mapping and monitoring tool, tkined. The chapter concludes with a brief description of related tools for use with Microsoft Windows platforms.
6.1. Troubleshooting Versus Management
Some of the tools in the next few chapters may seem only marginally related to troubleshooting. This is not a totally unfair judgment. Of course, troubleshooting is an unpredictable business, and any tools that can provide information may be useful in some circumstances. Often you will want to use tools that were designed with another purpose in mind.
But these tools were not included just on the off chance they might be useful. Many of the tools described here, while typically used for management, are just as useful for troubleshooting. In a very real sense, troubleshooting and management are just different sides of the same coin. Ideally, management deals with problems before they happen, while troubleshooting deals with problems after the fact. With this in mind, it is worth reviewing management software with an eye on how it can be used as troubleshooting software.
6.1.1. Characteristics of Management Software
Everyone seems to have a different idea of exactly what management software should do. Ideally, network management software will provide the following:
6.1.2. Discovery and Mapping Tools
A wide range of tools is available. At the low end are point tools -- tools designed to deal with specific tasks or closely related tasks. Several of the tools we will examine, such as arpwatch and nmap, fall in this category. Such tools tend to be well focused and do their job well. Typically, they are very easy to learn to use and are usually free or quite inexpensive.
Also found at the low end are toolkits and scripting languages for creating your own applications. Unlike most prebuilt tools, these can be extremely difficult to both learn and use, but they often give you the greatest degree of control. The quality of the final tool will ultimately depend on how much effort and skill you put into its creation. The initial outlay may be modest, but the development time can be extremely costly. Nonetheless, some people swear by this approach. The idea is that time is spent once to develop a tool that saves time each time it is used. We will look very briefly at the scripting language Tcl and its extensions. The primary goal here will be to describe the issues and provide information on how to get started.
At the middle of the range are integrated packages. These packages address more than one aspect of network management. They typically include network discovery, mapping, and monitoring programs but may include other functionality as well. Typically they are straightforward to use but don't perform well with very large, diverse networks.
Finally, at the high end are frameworks. Roughly, these are packages that can be easily extended. Since you can extend functionality by adding modules, frameworks are better suited for larger, diverse networks. But be warned: the dividing lines among these last categories are not finely drawn.
Unfortunately, at the time of this writing, there aren't many freely available packages at these higher levels. The leading contenders are really works in progress. tkined is described in this chapter and the next because it seemed, at the time this was written, to be further along and fairly stable. But there are at least two other projects making rapid progress in this area that are worth considering. The work of Open Network Management Systems (http://www.opennms.org) is truly outstanding and making terrific progress. The other is the GxSNMP SNMP Manager (http://www.gxsnmp.org), a part of the GNOME project. Both are open source (http://opensource.org) projects, and both appear to have a committed base of supporters and are likely to be successful. At the time this was written, both had begun to release viable tools, particularly the Open Network Management Systems folks. (Linux users may want to also consider Cheops.)
6.1.3. Selecting a Product
It may seem strange that a book devoted to noncommercial software would recommend buying software, but network management is one area in which you should at least consider the possibility. Commercial products are not without problems, but noncommercial mapping and management tools are relatively scarce. Depending on the size of the network you are dealing with, you may have little choice but to consider commercial products at this time.
The key factors are the size of your network, the size of your budget, and the cost of a nonfunctioning network. With point tools, you will be forced to put the pieces together. Certainly, this is something you can do with a small network. If you are responsible for a single LAN or small number of LANs and if you can tolerate being down for a few hours at a time, then you can probably survive with the noncommercial tools described here. But if you are responsible for a larger network or one that is rapidly changing, then you should consider commercial tools. While these may be quite expensive, they may be essential for a large network. And if you are really dealing with a large number of machines, the cost per machine may not be that high.
Even if you feel compelled to buy commercial management software, you should read the rest of this chapter. Several of the point tools described here can be used in conjunction with commercial tools. Some of these tools, because they are designed for a single function, will perform better than commercial tools that attempt to do everything. In a few instances, noncommercial tools address issues not addressed by commercial tools.
Copyright © 2002 O'Reilly & Associates. All rights reserved.