We have an internal network that can be -- at best -- described as a bit baroque. More and more of it is known, but the structure is not clear and not well documented.
What I'd like is a graphical tool, preferably for Mac, but optionally for Windows (and as a last resort, unix-based with some kind of browsable output) that will allow us to dynamically discover:
- What the network topology is; what subnets exist, how they connect, &c.
- What hosts are running on the network.
- What services are running on those hosts, either by name or by port number if necessary.
Please bear with me on any cluelessness in the question above; I'm a programmer, not a sysadmin or networking guru, and so I might be asking the wrong question. I have been given responsibility for the maintenance of our firewall rules, which dictate how our various subnets (desktop, testing, QA, production) are to be allowed to speak to each other and to the outside world, and I want to have a better picture of what the network looks like.
I have a $0 budget for this, so sadly commercial-only solutions will not work for me.
If you know your subnets you can aim nmap at them: This will give you an idea of what's running on on your network. As a bonus it will identify hosts/services/operating systems (with a fair degree of accuracy).
Presumably since you're now responsible for the firewalls you have a copy of the ruleset and can sketch at least a vague picture of your network (subnets, firewalls & routers ; possibly switches).
If you don't have at least a vague breakdown of how your network looks then "network mapping" software may be for you -- I know of and personally like InterMapper, which is happy running on Macs or Windows systems. It's commercial software, but I've found their pricing reasonable. To really work well InterMapper needs to have SNMP running on your switches/routers (so it can query them and build a picture of your topology).
Spiceworks has a free tool I'm not really familiar with, but may also be good to look at - I know a few folks who have used it and said good things.
There are probably also other open-source alternatives worth looking at though none jump immediately to mind.
Spiceworks has an "ok" network mapping tool, but like any tool, you're going to have spend a considerable amount of time nursing it along, providing credentials, and filling in (and correcting errors) as you go.
It requires Windows for the server/crawler, but is managed with a Web interface so working on it from your Mac shouldn't be an issue.
I was going to recommend Spiceworks. Their network mapping tool is mediocre at best. I would go with the above suggestion of nmap. I'm going to give InterMapper a try now. Good luck.