
Corp Network Help

DigitalCancer

Diamond Member
Hey Guys,

I've been tasked with finding ip addresses that're in use on our network.

We have (2) buildings that are connected right now. My boss wants to set up a 'test' network for some new devices that we're looking at installing (Meraki) and since I'm 'in training' he wanted me to find what we have in use in order to put the Meraki devices on the un-used ip addresses.

Our setup is Comcast/FirstComm at one location and Comcast/AT&T at the other location (firstcomm/att are our fail-overs). I had gotten the un-used ip addresses from the router (10.) but he's wanting the nat'd Ip's I guess?

Any help on tracing it would be great! ^_^
 
What do you mean by tracing? For the comcast side you would call them and get your range, then look at your network documentation to see if there is any free.

As for the 10. , that is a private range so there should be documentation about how the ranges are configured. If there is not there are some tools that can scan ranges, those can be hit or miss.

Personally my approach would be to place the Meraki in the test network in its own ip range. I am also a firm believer that wifi should not be using IP ranges that are on the cable. IE the wifi IP's should be in another network/subnetwork from the cable to prevent various loops and other exciting issues.
 
Tracing probably wasn't the best wording...Basically what you said, call comcast and get the ranges and then look at what's free...how would I go about doing that on my side? Like, look up the available ranges AND see what's in use?

Also, since we have 2 networks, I'm needing to do this for both...the FirstComm/AT&T/Comcast.

And also...this is just for testing the Meraki devices on our network. For reference...

We have one location with all of the server equipment, 100MB comcast line and 40MB ATT (bonded T's) backup line.

The 2nd location is about 11miles from here...we set it up with a 100MB comcast line and a 40MB FirstComm backup. We need this location to talk to the first location b/c of network shares, email, etc. So I'm not sure of the exact setup (I've been here for 3wks now) but we're looking to re-structure the network quite a bit...I'm a network admin in training and this is really my first big outing with it and I'm trying to learn all I can...the boss thought this would be a good exercise for me as well.
 
If you have no documentation....

Look at the config of the modem / firewall. See if there is any MIP mappings created for the outside IPs and inside devices... make sure the devices are actually there etc. Basically play detective.

I highly doubt your wireless AP's should be on the public internet though.

--edit--

I see Meraki has expanded a bit... what device are you installing?
 
It's not clear to me what you want to do.

But if all that you want to do is identify systems that are live on your network, you could use NMAP to actively identify them. I suppose that you could also use Wireshark if you would rather use a passive method.

Though, before I used either NMAP or Wireshark, in an enterprise environment, I'd be sure to check the AUP.

Best of luck,
Uno
 
Ok, what I'm needing is the IP's that're in use (outside).

I have the IP's that're out there now (by calling our providers) but I'm not sure how to see which ones are in use by which devices.

We have 5 IP's for Comcast at one location and 5 at the other.
Then we have 7 IP's at the 2nd location for FirstComm (and she was able to tell me that 2 of them were in use)
Then we have 8 IP's for AT&T which seems that it might not even be configured.

My question is though, how can I see which IP's are actually in use on the network?

They are 50., 168., and a 12.

Weird thing is we have an exchange server that is on 12.129.x.x and the AT&T Ip is 12.185.x.x
 
Ok, what I'm needing is the IP's that're in use (outside).

I have the IP's that're out there now (by calling our providers) but I'm not sure how to see which ones are in use by which devices.

We have 5 IP's for Comcast at one location and 5 at the other.
Then we have 7 IP's at the 2nd location for FirstComm (and she was able to tell me that 2 of them were in use)
Then we have 8 IP's for AT&T which seems that it might not even be configured.

My question is though, how can I see which IP's are actually in use on the network?

They are 50., 168., and a 12.

Weird thing is we have an exchange server that is on 12.129.x.x and the AT&T Ip is 12.185.x.x

You would look at the firewalls that manage those IPs and look for MIP mapping, Traffic, Arp proxies, NAT rules, PAT rules that reference the IPs that are in use. If you find no rules, then they are likely not in use. You can use nmap to port scan them but that doesn't always indicate anything if there are ACL's on the IPs
 
Get a network discovery application?

Run it, and you should get all IP addresses and even MAC addresses of all nodes.
 
From what I understand, network discovery sends a ping to all connected hosts on a subnet. It should give a picture as to which hosts are operational, and which hosts are down.
 
Ok, what I'm needing is the IP's that're in use (outside).

I have the IP's that're out there now (by calling our providers) but I'm not sure how to see which ones are in use by which devices.

We have 5 IP's for Comcast at one location and 5 at the other.
Then we have 7 IP's at the 2nd location for FirstComm (and she was able to tell me that 2 of them were in use)
Then we have 8 IP's for AT&T which seems that it might not even be configured.

My question is though, how can I see which IP's are actually in use on the network?

They are 50., 168., and a 12.

Weird thing is we have an exchange server that is on 12.129.x.x and the AT&T Ip is 12.185.x.x

Does your firm have a DMZ? Those seem like public addresses.
 
From what I understand, network discovery sends a ping to all connected hosts on a subnet. It should give a picture as to which hosts are operational, and which hosts are down.

Pings don't tell you much. It could tell you that someone mip mapped all the IPs via proxy arp and put a generic ICMP reply rule in place. All IPs would show up. NMAP can be inaccurate if there are IP ACL's in place which happens a lot with VPN devices. Fail over IP's could show as not in use when inactive etc.

For internet facing IP's you are better off examining the firewall config than using nmap. NMAP would get you started, it just may paint you a very wrong picture.
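
An added example, not part of any post in this thread: one way to cross-check the provider-assigned blocks against the firewall's NAT rules and a ping sweep, so that the mismatches described above (replies with no rule, rules with no reply) stand out. The address blocks use documentation ranges, and the rule export format, the ping results and all names are constructed for illustration; no vendor's real export looks exactly like this.

```python
import ipaddress
import re
# Constructed sample data (documentation ranges, not real allocations).
ALLOCATED = {
    "ISP-A site 1": "203.0.113.8/29",
    "ISP-B site 2": "198.51.100.16/29",
}

# Hypothetical, vendor-neutral text export of firewall NAT/MIP/PAT rules.
NAT_EXPORT = """\
static-nat 203.0.113.10 -> 10.0.1.25   # mail
static-nat 203.0.113.11 -> 10.0.1.30   # vpn
pat        203.0.113.9  -> 10.0.0.0/16 # outbound overload
static-nat 198.51.100.18 -> 10.1.1.5   # site 2 file share
"""
# Constructed ping-sweep result: addresses that answered ICMP.
PING_REPLIES = {"203.0.113.10", "203.0.113.12", "198.51.100.18"}
RULE_RE = re.compile(r"^(static-nat|pat)\s+(\S+)\s+->\s+(\S+)")

def parse_rules(text):
    """Return {public_ip: (rule_type, inside_target)} from the export."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[ipaddress.ip_address(m.group(2))] = (m.group(1), m.group(3))
    return rules

def audit(allocated, nat_text, ping_replies):
    """Classify every usable address in each block by config and by reply."""
    rules = parse_rules(nat_text)
    replies = {ipaddress.ip_address(a) for a in ping_replies}
    report = {}
    for name, cidr in allocated.items():
        for ip in ipaddress.ip_network(cidr).hosts():
            has_rule, answered = ip in rules, ip in replies
            if has_rule and answered:
                status = "in use (rule + reply)"
            elif has_rule:
                status = "in use per config, silent (ACL or idle failover?)"
            elif answered:
                status = "replies but no rule (investigate)"
            else:
                status = "no rule, no reply (candidate free)"
            report[str(ip)] = (name, status, rules.get(ip))
    return report

if __name__ == "__main__":
    for ip, (block, status, rule) in audit(ALLOCATED, NAT_EXPORT, PING_REPLIES).items():
        print(f"{ip:15} {block:13} {status:50} {rule or ''}")
```

The firewall config is treated as the source of truth here; the ping column only flags addresses that need a closer look.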
 
Hey guys...I wanted to thank you guys for all the help! I managed to get it accomplished and found some pretty useful tools to add to my 'utilities' folder. ^_^

Anyway...I'm currently only A+ cert'd and was looking at moving along the path of a network engineer for my current company, would I be ok with going straight to a CCNA or should I do the NET+ first? I have the book for NET+ but I never took the test. =/
 
You can go straight for the ccna. The study material all starts at the very basics of what a network is. There aren't any prerequisites.
 
Yea, I knew there weren't any prerequisites, I just wanted to make sure there wasn't something in the NET+ that would benefit me. I assumed that's how it was setup though is a tear down from the basics to the top. ^_^

Thanks!
 
would I be ok with going straight to a CCNA or should I do the NET+ first? I have the book for NET+ but I never took the test. =/

While it's been more than a few years since I earned my CCNA and Network+, I'll share my experience.

I found the CCNA to be a superset of Network+. That is, it contained all the materials from Network+ as well as some basic material on Cisco's IOS and IOS functions.

If your company pays for your exams, you might consider Network+ a step on the way to CCNA.

If you are paying for your own exams, the CCNA would also include the material in Network+.

But to answer your question, I think that you would be okay taking those certification tests in whatever order that works for you.

Best of luck,
Uno
 
appreciate the info! I talked to the 'boss' about taking the CCNA and he said it might be hard to justify b/c we're moving away from CISCO. =/ What do you guys think of this layout?
I am currently only A+ cert'd...but have studied a bit on the NET+ but would def. need a refresher course.

NET+?

MCSE (MS Cert Sys Eng) -> MCSM
MCITP -> MCM
ISC(2)
MCSA (administrator)
 
appreciate the info! I talked to the 'boss' about taking the CCNA and he said it might be hard to justify b/c we're moving away from CISCO. =/ What do you guys think of this layout?
I am currently only A+ cert'd...but have studied a bit on the NET+ but would def. need a refresher course.

NET+?

MCSE (MS Cert Sys Eng) -> MCSM
MCITP -> MCM
ISC(2)
MCSA (administrator)



The CCNA while a mainly cisco geared course is a great starting point because it teaches you TONS about network fundamentals, everything from how ARP works to OSI model, subnetting etc.
 
The CCNA while a mainly cisco geared course is a great starting point because it teaches you TONS about network fundamentals, everything from how ARP works to OSI model, subnetting etc.

Agreed, it's more about the fundamentals than anything cisco specific. And since everybody generally copies cisco's IOS interface/command line you can use it no matter what gear it is.
 
appreciate the info! I talked to the 'boss' about taking the CCNA and he said it might be hard to justify b/c we're moving away from CISCO. =/ What do you guys think of this layout?
I am currently only A+ cert'd...but have studied a bit on the NET+ but would def. need a refresher course.

NET+?

MCSE (MS Cert Sys Eng) -> MCSM
MCITP -> MCM
ISC(2)
MCSA (administrator)


If your boss would pay for the exam, NET+ would be a nice step. And you should be able to earn that quicker than you would earn a CCNA. Here is a link to a set of NET+ training videos.

After that, you could consider CCNA, Security+, or any of the microsoft certs.

Best of luck,
Uno
 