SlightlyLoony
Tera Contributor

One fine day, not so very long ago, I helped some folks install a MID server so they could try out Discovery. The company was already using Service-now for Incident, and was now considering using the CMDB. Naturally, they were curious to see how Discovery could help them automatically populate their CMDB.

The technical folks at this company were a bit skeptical that Discovery could actually find all their stuff. So the very first thing they wanted to do was discover a particular network that they knew very well — they wanted to compare what Discovery found to what they knew was there.

After we got the MID server installed, we configured the credentials and a schedule for this well-known range. Then we started a Discovery. About fifteen minutes later, the Discovery completed and we went to Configuration -> Netgear to see if Discovery found the one switch and three routers that were known to be on that network. All four of those well-known devices were in the CMDB — but so was an "extra" switch that the technical folks had never heard of.

"No way!" was the instant response from the network guy in the room. So I drilled into this unexpected switch, and we saw that it was a Cisco Wireless Access Point (WAP). From its forwarding rules we could see that there were four devices attached to the WAP. Now the network guy was looking a bit worried.

Next we went to Configuration -> Computers to see if Discovery had picked up the four computers that were expected on the network we discovered. Yup, all four of them were there — along with four "extras". Three of the extra computers were laptops belonging to employees, and the fourth was one Discovery didn't have credentials for. The IP addresses of these computers matched the IP addresses connected to the WAP.

Hmmm... We deduced that the WAP must be connected to a switchport on the well-known switch, so we looked at its forwarding rules — and found rules to the same switchport for the IP addresses of the WAP and all four rogue computers. Ah ha! A quick reference to some internal documentation, and we determined that the switchport we identified was patched to the controller's cubicle. When we figured all this out, the network guy stormed out of the office.
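The correlation we did by hand above (compare discovered hosts against the known inventory, then group the unexpected ones by the switchport their forwarding entries point at, then look that port up in the patch-panel documentation) is easy to script. The following is an added example, not code from this post or from Service-now; the forwarding entries, inventory and patch-panel map are constructed sample data, and the function names are my own.

```python
from collections import defaultdict

# Constructed forwarding-table rows as Discovery might record them from a
# switch: (switch, port, MAC, IP). Sample data, not from the post.
FORWARDING_RULES = [
    ("core-sw1", "Gi1/0/1",  "00:11:22:aa:bb:01", "10.1.1.10"),  # known server
    ("core-sw1", "Gi1/0/2",  "00:11:22:aa:bb:02", "10.1.1.11"),  # known workstation
    ("core-sw1", "Gi1/0/7",  "00:11:22:aa:bb:03", "10.1.1.12"),  # known workstation
    ("core-sw1", "Gi1/0/8",  "00:11:22:aa:bb:04", "10.1.1.13"),  # known workstation
    ("core-sw1", "Gi1/0/24", "00:11:22:cc:dd:01", "10.1.1.50"),  # unexpected device (a WAP)
    ("core-sw1", "Gi1/0/24", "00:11:22:cc:dd:02", "10.1.1.51"),  # hosts behind the WAP
    ("core-sw1", "Gi1/0/24", "00:11:22:cc:dd:03", "10.1.1.52"),
    ("core-sw1", "Gi1/0/24", "00:11:22:cc:dd:04", "10.1.1.53"),
    ("core-sw1", "Gi1/0/24", "00:11:22:cc:dd:05", "10.1.1.54"),
]

# Constructed inventory: the IPs the network team expects on this range.
KNOWN_IPS = {"10.1.1.10", "10.1.1.11", "10.1.1.12", "10.1.1.13"}

# Constructed patch-panel documentation: (switch, port) -> physical location.
PATCH_PANEL = {("core-sw1", "Gi1/0/24"): "cubicle 3B"}


def unexpected_ips(rules, known_ips):
    """IPs present in the forwarding tables but absent from the inventory."""
    return sorted({ip for _, _, _, ip in rules if ip not in known_ips})


def suspicious_ports(rules, known_ips, min_hosts=2):
    """Switchports with at least `min_hosts` unexpected hosts behind them.

    An access port normally carries a single host, so several unknown IPs
    forwarding through one port is the signature of a hidden switch or WAP.
    Returns {(switch, port): [sorted unexpected IPs]}.
    """
    per_port = defaultdict(set)
    for switch, port, _mac, ip in rules:
        if ip not in known_ips:
            per_port[(switch, port)].add(ip)
    return {key: sorted(ips) for key, ips in per_port.items() if len(ips) >= min_hosts}


def locate_rogue_segments(rules, known_ips, patch_panel):
    """Join each suspicious port to its documented location (or 'unknown')."""
    findings = []
    for (switch, port), ips in sorted(suspicious_ports(rules, known_ips).items()):
        findings.append({
            "switch": switch,
            "port": port,
            "hosts": ips,
            "location": patch_panel.get((switch, port), "unknown"),
        })
    return findings


if __name__ == "__main__":
    print("Unexpected hosts:", unexpected_ips(FORWARDING_RULES, KNOWN_IPS))
    for f in locate_rogue_segments(FORWARDING_RULES, KNOWN_IPS, PATCH_PANEL):
        print(f"{f['switch']} {f['port']} -> {f['location']}: {len(f['hosts'])} hosts {f['hosts']}")
```

The `min_hosts` threshold is what separates "one unknown laptop plugged into a spare port" from "something is bridging several devices onto one port"; with Discovery data the same grouping can be done over the CMDB's network adapter and switchport relationships rather than a hard-coded list.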

A few minutes later he came back in, carrying a Cisco WAP — the offender that Discovery uncovered. It seems the controller thought he'd save the IT guys some work, and he'd brought in this WAP from home and set it up. Of course he set it up completely unsecured in an office right downtown in a major city. That computer Discovery didn't have credentials for? That was someone outside the organization connecting in through this WAP.

Our network guy was not happy about the WAP, or the hijacked connection. But he went from "Discovery skeptic" to "Discovery enthusiast" in the time it took to run one Discovery!