Monday, March 29, 2010

Network Documentation

Every time I have started a new job over the last few years, I have gone in hoping to get a look at the company's network documentation, which would enable me to get up to speed and working with the team in no time.  Sadly, I have always been told the same thing: "What documentation?!"  I think that network documentation is an important aspect of any network and should be taken seriously.  There are many benefits to documenting your network, which include:
  • Ease in troubleshooting
  • Helping with new hires
  • Makes project planning easier
  • Helps with collaboration between different departments
Since I have had to start from scratch with network documentation every time, I thought I would share some tips that I have put together over the years.  First you will need a good IP scanner which can pull live IP addresses from the network.  Personally I use Nmap or Angry IP Scanner, as both are very quick and provide valuable information.  Nmap is also useful later on when you want to run port scans against a machine to find out what services are running.  Angry IP Scanner will allow you to dump the output of the scan to an Excel spreadsheet, making it easier to reference later on.  You should also start by locating and looking through the DHCP scopes on your network.  This will help you weed out "client" addresses from your scan when looking for servers and network devices.

I usually start to draw out some diagrams by hand while I am getting an idea of what goes where on the network.  As I get a better idea and can put an IP to each device, I will move my diagram over into Microsoft's Visio (one of the better programs they have produced).  Many vendors out there produce stencils for Visio, making it easy to put together documentation, diagrams, and subnet depictions.
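As an added example (not part of the original post), the Python sketch below applies the DHCP-scope step to a scan: it reads Nmap's grepable ping-scan output (`nmap -sn -oG -`) and separates live hosts inside DHCP ranges from the statically addressed ones you will want to document. The scan text, hostnames, and scope ranges are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `nmap -sn -oG -` grepable output; not real scan data.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.10.1.1 (gw.example.lan)\tStatus: Up
Host: 10.10.1.10 (dc01.example.lan)\tStatus: Up
Host: 10.10.1.57 ()\tStatus: Up
Host: 10.10.1.120 ()\tStatus: Up
Host: 10.10.2.5 (sw-core.example.lan)\tStatus: Up
Host: 10.10.2.200 ()\tStatus: Down
"""

# Assumed DHCP scopes as (first, last) pairs, copied by hand from the DHCP server.
SAMPLE_SCOPES = [("10.10.1.50", "10.10.1.150"), ("10.10.2.100", "10.10.2.199")]

# Matches only hosts reported as up; group 2 is the reverse-DNS name (may be empty).
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+Up\b")

def parse_live_hosts(scan_text):
    """Return [(ip, hostname)] for every host the scan reported as up, sorted by IP."""
    hosts = []
    for line in scan_text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            hosts.append((ipaddress.ip_address(m.group(1)), m.group(2)))
    return sorted(hosts)

def in_dhcp_scope(ip, scopes):
    """True if ip falls inside any (first, last) DHCP range."""
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in scopes)

def build_inventory(scan_text, scopes):
    """Split live hosts into DHCP clients and static addresses worth documenting."""
    inventory = {"dhcp_client": [], "static": []}
    for ip, name in parse_live_hosts(scan_text):
        kind = "dhcp_client" if in_dhcp_scope(ip, scopes) else "static"
        inventory[kind].append((str(ip), name or "unknown"))
    return inventory

if __name__ == "__main__":
    # Emit CSV rows that can be pasted into a spreadsheet.
    for kind, rows in build_inventory(SAMPLE_SCAN, SAMPLE_SCOPES).items():
        for ip, name in rows:
            print(f"{kind},{ip},{name}")
```

Static hosts with no reverse-DNS name are listed as "unknown", which makes them the first candidates to track down and label.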

When working on your documentation, look through the different subnets and VLANs that your network holds.  You may also need to work with other departments to acquire all the information that you need.  You should also look through and document configuration files for routers, switches, and firewalls.  This might also include mapping switch ports to VLANs and making sure that your firewall/router interfaces are configured properly.  I must say that I continuously use my own documentation to work through projects and it has always been worth the effort.  Below is a quick list of places I have used in the past to acquire information when putting together documentation.
  • Active Directory (Site Replication, Group Policy)
  • DHCP Servers (Scopes, DHCP Options, Subnets, PXE Options)
  • Routers/Switches (VLANs and Subnets)
  • Firewalls (Security Policies, Access rules)
  • DMZ (IDS servers/appliances, Web Servers)
  • PING & TRACEROUTE
  • Nmap & Angry IP Scanner
  • www.maxmind.com (IP address lookup for remote offices)
  • VPN Configs (IPSEC & Site-to-Site)
  • Model & Serial Numbers
