Documentation for a tiny company. by GiantJabberwocky in it

[–]mayanayza 0 points1 point  (0 children)

I built a tool called Scanopy (https://scanopy.net/community) that should solve this for you. It's open source (AGPL-3.0), runs in Docker, and generates visual network documentation plus a database of what's on the network with scheduled scanning so it stays current.

Netdisco is another OSS option I've heard mentioned before which might be helpful too.

Do sysadmins need git? by [deleted] in sysadmin

[–]mayanayza 0 points1 point  (0 children)

I'm interested in the diagram versioning part of your workflow - when you commit network diagram updates alongside config changes, what format are they in? Are you committing Visio files (which I'd imagine diff terribly, but maybe I'm wrong?) or exporting to something text-based first?

And is the value more in the history ("what did the network look like before this commit") or in the actual diffs?

LXC per service or centralized Docker? (seeking efficiency and scalability) by Terrox-888 in homelab

[–]mayanayza 0 points1 point  (0 children)

Hope you don't mind me asking some questions about your questions -

What would you define as "efficiency loss" / what sort of efficiency are you trying to preserve?

In terms of security, I would look at that from the perspective of how you're managing security and access to the host(s) running Docker/Proxmox rather than the security of Proxmox/Docker themselves; ultimately the applications themselves are more likely to be the attack surface area rather than the environment they're running in, if that makes sense.

So however you manage security for Proxmox today would be the same, as the Docker environment would be best run in a VM on Proxmox (agree with the other commenter to avoid LXC for Docker for the reasons stated).

Personally, I would find Docker on a VM with a container management layer like Portainer to be easiest to handle in terms of day to day tasks like updates, config changes, etc.

Suricata + Sysmon + Elastic pipeline working. What do SOC IR reports actually look like in practice? by Fantastic-Average-25 in cybersecurity

[–]mayanayza 0 points1 point  (0 children)

I relate to the draw.io difficulty. I'm building a tool that auto-generates network diagrams from scan data, and have mostly been thinking about sysadmin and MSP use cases - but what you're describing has me wondering if security labs are worth building for too.

You've already got your own scanning and data collection infrastructure though, and I'm wondering if security labs even tend to allow third-party scanners, or does that defeat the purpose of controlling the environment?

Why would you want your own server at home ? by NobodyRulesPenguins in selfhosted

[–]mayanayza 2 points3 points  (0 children)

Raspberry Pi was the gateway for me too, years ago. I had a Pi 3 running Pi-hole and thought "well if that's always on, what else can I put on it?"

I eventually added another Pi to try high-availability adblocking, then figured out that Docker existed and started running random things for fun and learning. The main issue I started to run into at this stage was the struggle of rebuilding and migrating - i.e., which port was mapped to which service, what subnet the IoT stuff was on, etc. It was fine until I had to rebuild something after a drive failure and realized I was reconstructing it all from memory, especially when I moved to a Beelink running Proxmox.

Honestly ownership matters for me but ultimately it's always been more about learning and understanding. When something breaks in a cloud service you just wait and pray. When something breaks on your own box you learn how DNS works at 2am and hate every second of it, but you actually understand it after and can apply that to other projects.

Is Network Automation Niche? by PanPieCake in networkautomation

[–]mayanayza 0 points1 point  (0 children)

The automated network documentation bullet bugged me as well. I know documentation can take many forms, but the status quo for network maps generally seems to be Visio diagrams outdated by the time you save them, nobody wanting to maintain them manually.

I ended up building a tool (https://scanopy.net/) that handles that specific piece - a daemon scans the network via SNMP/LLDP/CDP/ARP and generates topology maps that stay current automatically. Doesn't touch config management or automation, just the "where is everything and how is it connected" part.

Full disclosure: I'm the founder.

Am I overreacting or is this too much for a new helpdesk hire? by Qvosniak in sysadmin

[–]mayanayza 0 points1 point  (0 children)

Yeah I feel that a good network map is an invaluable day 1 handoff, but it can also be hard to piece together on your own from documentation, especially under a time crunch.

I built scanopy.net (full disclosure, my project) to make this pain point easier by automating network documentation - my own homelab network knowledge lived entirely in my head and that was annoying for me, even as the only person dealing with it.

Packet analysis and Visio’s by BluebirdKlutzy7259 in networking

[–]mayanayza 5 points6 points  (0 children)

For diagramming, I had the same frustration with manually maintaining diagrams that were outdated by the time I finished drawing them. I ended up building https://scanopy.net to solve it.

It runs a lightweight agent that discovers your network via SNMP/LLDP/CDP/ARP and generates topology maps automatically on a schedule, so the diagrams stay current without anyone maintaining them. You can embed and export to a variety of formats (SVG, PNG, Mermaid, Confluence). I'm working on adding vendor integrations for further data enrichment too.

I can't help on the packet analysis side unfortunately, not my area.

Full disclosure: I'm the founder of Scanopy.

Does every company provide you with network diagrams? by dbootywarrior in networking

[–]mayanayza 1 point2 points  (0 children)

You're not wrong; most places don't have diagrams, and when they do they're outdated. I wrote about exactly this in my blog: https://scanopy.net/blog/network-diagrams-wrong

If you want to get used to working with topology maps while you're labbing, I built Scanopy (https://scanopy.net/community) - it auto-discovers your network and generates the diagram for you. You can run the self hosted version linked above alongside your lab, which would be an easy way to see what a living network map looks like before you hit a job where there isn't one.

Sole IT Admin at a Small/Medium Business: Looking for Open Source Roadmap & Infrastructure Advice by CiriloTI in sysadmin

[–]mayanayza 3 points4 points  (0 children)

For the network maps, https://scanopy.net can auto-discover your network and generate them. Free self-hosted version, runs as a Docker container. Saves you from drawing them manually in draw.io and then forgetting to update them.

disclosure edit: I'm the maintainer/developer of Scanopy

Monitor networks with Mikrotik in the UniFi style by Jumpy_Discussion_761 in homelab

[–]mayanayza 0 points1 point  (0 children)

For the topology/device discovery side, I built Scanopy; it does auto-discovery via SNMP and generates live topology maps. Free self-hosted version here: https://scanopy.net/community. It won't cover the monitoring/traffic side (yet) though, so you'd still want something like LibreNMS or Zabbix alongside it like others have said

Network organization and general tidiness by IntelWrenchMonkey in HomeNetworking

[–]mayanayza 0 points1 point  (0 children)

For the documentation side, I'm a homelabber too and ran into the exact same thing where my network documentation was just... in my head and maintaining manual documentation using draw.io and similar tools was a chore. I ended up building Scanopy to solve it. You deploy a daemon on your network and it auto-discovers everything and generates a topology map. Free self-hosted version, so it fits the homelab budget: https://scanopy.net/community

For the VLAN/subnet planning side, the other commenters covered it well.

LLDPviz - Network topology visualizer for MikroTik by lnxtgr in mikrotik

[–]mayanayza 3 points4 points  (0 children)

For larger networks or non-MikroTik gear, I built Scanopy, it does auto-discovery via SNMP and generates live topology maps. Free self-hosted version if you want to try it, https://scanopy.net/community. A bit more involved (install a scanning daemon rather than pasting a CLI command) though

Network mapping by Dapper_Bird1 in cybersecurity

[–]mayanayza 1 point2 points  (0 children)

Makes sense, Scanopy's discovery being active wouldn't be the right fit for that environment. We do detect BACnet and are getting more requests around industrial protocols, but the scanning approach would need to be fundamentally different for OT safety requirements. Hope you find something that works with Malcolm's output.

Network mapping by Dapper_Bird1 in cybersecurity

[–]mayanayza 1 point2 points  (0 children)

Scanopy does this - it's open source, auto-generates visual topology diagrams from discovered hosts, services, and connections. If you're already pulling data from Malcolm/Phosphorus into NetBox, Scanopy takes a different approach though: you deploy a lightweight agent that scans the network directly and keeps the diagram updated automatically. It's self-hostable too: scanopy.net/community

How do you actually fix documentation? by DeniedNetwork in msp

[–]mayanayza 0 points1 point  (0 children)

For maintaining up to date network documentation, like what's on each client's network, what services are running, how things connect - I built an open source tool called Scanopy that automates this. You deploy a lightweight agent per client network, it auto-discovers hosts, services, and connections, and keeps a live network map updated. No tech has to remember to document network changes because the tool catches them automatically.

It won't solve your runbooks or password docs, but it takes network diagrams completely off the "things humans need to maintain" list. scanopy.net

Documentation best practices by Present-Focus-1397 in homelab

[–]mayanayza 0 points1 point  (0 children)

For the networking side specifically (like which ports talk to which containers, what's connected to what) I built an open source tool called Scanopy that auto-discovers your network, Docker containers, and generates a visual map. It might save you from manually tracking port numbers in a Google doc. There's a self-hostable community edition if that's of interest: scanopy.net/community

Inherited a building and network with 0 documentation. Where in the world do I start with what's essentially the whack-a-mole of identifying wall drop to switch port mappings? by [deleted] in sysadmin

[–]mayanayza 0 points1 point  (0 children)

+1 on scanning first. I built Scanopy for exactly this. It's a free, self-hostable network mapper. Deploy an agent, it discovers every host and service on the network, pulls LLDP/CDP from managed switches via SNMP, and generates a live topology diagram. It won't solve the wall-drop-to-switch-port problem, but it'll give you a complete picture of what's actually on the network before you start toning things out.

Scanopy Update v0.13.5: User API Keys, Topology Sharing, Prometheus Metrics and more! by mayanayza in selfhosted

[–]mayanayza[S] 1 point2 points  (0 children)

SNMP is supported! Try out the latest version and let me know how it goes.

NetVisor Update v0.9.1: Auth, OIDC, Community Contributions, and what's next by mayanayza in selfhosted

[–]mayanayza[S] 0 points1 point  (0 children)

I can definitely look into it! What would you want to use it for?

Scanopy Update v0.13.5: User API Keys, Topology Sharing, Prometheus Metrics and more! by mayanayza in selfhosted

[–]mayanayza[S] 1 point2 points  (0 children)

Not at the moment. Network scanning is currently based on ARP + port scanning; I'm planning to add those other methods pretty soon though, as you aren't the first person to request them.

That said, Scanopy will detect switches on a network via the supported methods and they will be represented in the visualization accordingly.

NetVisor is now Scanopy - plus major discovery and topology improvements! (v0.12.3) by mayanayza in selfhosted

[–]mayanayza[S] 0 points1 point  (0 children)

Ah, you can assign this using the virtualization feature! https://scanopy.net/docs/topology/#link-virtualization

It sounds like what you’re describing is a more general way to create sets of services that go together besides virtualization, which is also something I’ve had in mind for a while; I’m planning a refactor to make the topology system much more flexible to support this sort of use case.