Beginner Question : Finding Network Devices Behind Firewall

By robinson crusoe
We have two servers and thin clients. Windows Server 2003.

I have an admin account on the server.

I must map our network (first, find where the cables come to the switch from).

I can't reach user interfaces. Is it because of the firewall device? How can I reach the firewall, router and switch interfaces?

Thank you.


All Answers


I'm not sure that I really understand you here

by OH Smeg Moderator In reply to Beginner Question : Findi ...

If you have Thin Clients you can only look on the Server for the Accounts.

Thin Clients as such have nothing to map as all of their processing is done on the server and sent over the Network with the actual Work Station only doing the processing to generate a Display on a monitor.

As for Mapping the actual Network Cables the Fitters who installed the cables should have done this but you can use a Cable Tester to find out where the cables actually go if there are not too many work stations.

Here without knowing what is being used if you can not access the User Accounts on the Server you are either looking in the wrong place or do not have sufficient User Privileges. You would need to tell us the basic Network Topology here so we can point you in the right direction.

It's possible that one Server is a Radius Server and runs things like ISA and the other has the User Accounts on it. But then again it's also possible that both Servers are set as a Cluster and share the workload.



Thank you

by robinson crusoe In reply to I'm not sure that I reall ...

Our network design is firewall->router->switch->server/clients. I think the main problem is this firewall part. I have never worked with them before.
There are two servers, one is terminal.
When I do ipconfig /all, default gateway something like think it's the router), but when I write it to the browser, nothing comes.
Our devices are:
- 3 servers, but I work with two of them. One is terminal.
- 3com baseline switch 2824 sfp plus
- 3com baseline switch 2824
- 2 panduit patch panels
- Netasq F60 firewall
- Zyxel Prestige 600 series router
- 30+ thin clients, 10+ PCs (mostly they work with remote desktop connecting to terminal), 5+ printers.
I looked at the manufacturer's website and I see that there's a UI for this 3com switch. I think there I can find which port of the switch goes to which IP, computer MAC address and host name (do I want too much :)).
I found a software named solidworks toolkit, there's a component named switchportmapper in it. Maybe this will help me. But I think I still need passwords and usernames for the router and switch. Thank you for helping.


From where are you trying to access? Is your switch managed?

by cmatthews In reply to Beginner Question : Findi ...

Is your firewall the same box as the router? These are some questions to help. For a moment I'll assume your switch is not managed and it is isolated away from the thin-clients:

Attach a laptop close to the switch and open a remote desktop connection to the server. Once you have connected to the server, run a network scan (from the server) with a basic standalone scanner like this one:

Click the IP button (to auto-detect the subnet to be scanned) and then scan your network. When the scan is complete, you should be able to identify all devices using large ping packets sent from the server.

Open a CMD prompt and constant ping the first address from the scan. eg:
ping -l 65500 -t
(type ctrl-c to stop the constant ping)

You should be able to see this kind of activity on port LEDs on the switch. Unplug those specific cables (one at a time) for 0.5 sec and look for ping timeouts. You should be able to identify most clients during times of quiet network activity. The remaining few ports could be identified by disconnecting the remote end (one at a time) and watching the LED status.

Afterward, you can label the jack numbers and tag cables in the switch room.


Giving details

by robinson crusoe In reply to From where are you trying ...

I can go to the server room and access from there, but I connect with remote desktop from my client.
You asked if my switch is managed. Does it mean it has a UI? If so, on the manufacturer's website they say it has a user interface.
Our router is Zyxel Prestige 600 series and firewall device is Netasq F60, so, no, my firewall is not the same box as the router.
You said network scanner; I found solidworks toolkit and installed it on our server. I think I must have the router's and switch's usernames and passwords to make this program work.
I'll try the software you advise.
I can't try the things you said last. Our company works 7/24 and I can't plug cables out and in. I can't reset the server. These are my main problems. Thank you.


Test with one client, normally 0.5 sec is not interruptive...

by cmatthews In reply to Giving details

...but it is enough to time-out a loaded ping packet.

As for the web gui on the 3com switch, Bingo! Get familiar with the manual and you should have all you need (without all my suggested visual LED acrobatics). Try to use the default user and password and if that doesn't work, it's like Oh Smeg said, the fitters who installed your network cables should be able to provide that.

If they don't know the password, convince your boss that the switch password reset procedure (usually less than 5 minutes) is absolutely necessary for future stability on a 7/24 network. A managed or semi-managed switch is like gold (especially when you are supporting them from remote) and it has a log that helps you trace back problems. Tell him also it can show client bandwidth, reboots and even high cable error counts to provide you with pro-active solutions.

Once you know the MAC address connections by port number the IP scanner will give you the MAC, IP and NetBIOS name to complete the picture. Above all, have fun! because the new documentation should make life easier.


Still don't think the guy knows what thin clients are

by CG IT In reply to Beginner Question : Findi ...

Maybe he should look it up on Wiki.

Thin clients might be diskless.

But the gist is, what is seen on the screen usually comes from the server. No local machine computing.

So user interfaces are on the terminal server, not on the thin clients.

Mapping cable runs: if you've got a blinker, you can hook that up, which will blink the switch port. You simply label it and then note it on the floor plan.

But if it was me, I wouldn't let anyone near the comm room that doesn't have some knowledge of networking. If only the basics.


Somehow I doubt he has a blinker..

by cmatthews In reply to Still don't think the guy ...

..that's why I suggested heavy ping packets. But if he brings one of his thin clients into the IT room, he likely won't be able to ping anything.

Add to that, the possibility that the company who installed this may have made some VLAN assignments.. So even if he scans for IPs, he better count ports, because he may not see everything.

Oh well, sometimes ya gotta work wit what ya got!


I understand what you mean.

by robinson crusoe In reply to Still don't think the guy ...

I think you mean there are no hostnames or information, as every user can use every thin client in the company.
We have thin clients but their users are the same all the time. So when I want to test connections I can ask them to log onto their account, and map that switch. I don't have any devices for now but I can ask my boss to buy what we need.
Thank you.


Find a way to the switch

by robinson crusoe In reply to Beginner Question : Findi ...

I have two switches. One is managed, one is not. I found the user interface for the managed one. There's a tool called discovery on 3com's website and it finds all switches. The UI didn't help me like I hoped.

I see a serial port and a USB port behind the firewall device. I'll try to connect it with a laptop and a suitable cable or converter.

I couldn't find a way to the router UI.

I think the answer is to solve the firewall device.


Did you try large ping packets from the IT room? What did ..

by cmatthews In reply to Find a way to the switch

see? If you saw nothing, reduce the /L parameter to 1490 bytes to see if the clients respond (some devices have an IP stack that can't deal with segmented ICMP packets). You didn't say what you got from the scan either..

Forget the router, if your original goal was to map the physical layout, it has to be done at layer 2 - your switch. This is because each client has a unique MAC address (possibly written on the back of each as 12 hexadecimal characters or 6-pairs separated) these will match-up with your scan results.

I looked at the manual for your switch and found you were correct - that UI has no way to show MAC tables on a per-port basis. The only way I can see to check MAC addresses on a per-port basis is to use port mirroring to an unused port (maybe patch it back to your desk PC?) and a tool like Wireshark.

All this is getting a bit long, but it doesn't have to be complicated.. And you are sure the cable fitters did not mark the jacks, cables, plates or anything?
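
The matching step described in this thread (MAC addresses noted per switch port, lined up against the IP/MAC list seen from the server) can be scripted. The following is an added example, not part of any post above. It assumes the port notes were collected by hand and that the IP side comes from Windows `arp -a` output on the server; every address and port number in it is constructed.

```python
import re

# Constructed sample: `arp -a` output as printed by Windows on the server.
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-00-01     dynamic
  192.168.1.21          02-00-00-aa-00-15     dynamic
  192.168.1.22          02-00-00-aa-00-16     dynamic
"""

# Constructed sample: MACs noted per switch port (from the mirror-port capture
# or read off device labels), in whatever notation each was written down.
PORT_NOTES = {
    1: "02:00:00:AA:00:01",
    5: "020000AA0015",
    7: "0200.00aa.0099",   # seen on the wire, but absent from the ARP cache
}


def normalize_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % text)
    return digits


def parse_arp(output):
    """Return {normalized MAC: IP} from Windows `arp -a` text."""
    row = re.compile(
        r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+", re.M)
    return {normalize_mac(mac): ip for ip, mac in row.findall(output)}


def build_port_map(port_notes, arp_output):
    """Join port->MAC notes with the ARP cache; report both kinds of gap."""
    by_mac = parse_arp(arp_output)
    ports = {p: normalize_mac(m) for p, m in port_notes.items()}
    port_map = {p: (m, by_mac.get(m)) for p, m in sorted(ports.items())}
    unplaced = sorted(ip for m, ip in by_mac.items() if m not in ports.values())
    return port_map, unplaced


if __name__ == "__main__":
    port_map, unplaced = build_port_map(PORT_NOTES, ARP_OUTPUT)
    for port, (mac, ip) in port_map.items():
        print("port %2d  %s  %s" % (port, mac, ip or "no IP seen (other VLAN/subnet?)"))
    print("IPs with no port yet:", ", ".join(unplaced))
```

A port whose MAC has no IP, or an IP whose MAC has no port, is the gap the VLAN remark earlier in the thread warns about: the scan and the port count will not always agree.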
