I recently tried to do this myself, and couldn't get it to work.  Your best bet is probably to ask your Network Team for the subnets being used.

Here are some of the notes I got while working with ServiceNow Support. I can't answer any questions you have as I didn't quite understand, so I gave up and just went with what our Networking Team said:

- add segments\networks to the private IP range sets that are considered to be internal.

They have suggested :
--> To add standard all private IP range sets in "Discovery range sets" for the "Network Discovery" Schedule.
Steps:
--Go to Network Discovery Schedule
--Click on the Discovery Range Sets
-- Click "New"
--Add IP Network Range.
-->Or Edit the existing Discovery range sets by clicking on " Private IP addresses" and click on Discover IP ranges
-->Click on the IP address list change they type to "IP range" intsead of List and add the range.
-->Run a discovery. This would then populate, subnet and the IP network Table

We all know there are only a set amount of segments that are reserved as private IPs. Mostly the 3 segments already mentioned per below wiki. These segments can be used by any company internally.
https://en.wikipedia.org/wiki/Reserved_IP_addresses
A network that is not part of these segments, considered to be PUBLIC NETWORK. These networks are assigned to organizations after customers asked for it, so if for example I have founded a company and I want to be connected to the internet, I must ask for public segments from some worldwide organization that manages all public IPs [So 2 companies won't use the same IPs by accident]
So I can't tell what are the organization's networks that were assigned to the specific company - only the company knows - networking team should know.

Lets say we start with ANY router as the customer suggested - How can we tell what is the boundary of his network?
"It continues until all the routers and switches have been explored":
1. Switches are not part of this discovery
2. How do we know when to stop? We don't know customer network routers..Even if we do, what if a new one is added.
Should we stop when we can't discover a device? What if credentials were not configured properly which caused the device not to be discovered?
In addition, It will cause us trying and discovering real devices on the internet that are not part of his organization - not something we want to do

We stop WHEN THE NEXT ROUTER OUT OF BOUNDARY - This boundary is by default the known 3 segments.
If the customer has public IPs assigned to his organization, he should add these segments into the boundary.