
The Cisco Discovery Protocol (CDP) is a proprietary layer 2 protocol developed by Cisco.

Its uses are:

  • Obtaining information (operating system version, IP address) about the CDP devices that are directly connected to each other.
  • Checking that layer 2 connectivity is correct when there are problems at layer 3.

Announcement packets (CDP announcements) are sent to the multicast destination address: 01:00:0c:cc:cc:cc

Linux

By default Linux does not support the CDP protocol. You can use cdp-tools to enable support.

TODO:

Enabling CDP on Linux systems can be interesting on routers like Quagga and Vyatta in a Cisco environment.

Download CDP-tools in the /root directory. If you want to download "cdp-tools" directly from the Linux CLI, proceed as follows:

  # wget http://gpl.internetconnection.net/files/cdp-tools.tar.gz

Extract "cdp-tools":

  # tar -xzvf cdp-tools.tar.gz

This will create the "cdp-tools" directory.

Download and install the "build-essential" meta-package containing the tools to compile programs.

  # apt-get install build-essential

Download and install libnet0-dev: Libnet0 is a generic networking API that provides access to several protocols.

  # apt-get install libnet0-dev

The libpcap library (in our example libpcap0.8-dev) is installed at the same time.

Compile "cdp-tools":

  # cd cdp-tools
  # make

cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-listen.o cdp-listen.c
cc cdp-listen.o /usr/lib/libpcap.so -o cdp-listen
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-send.o cdp-send.c
cdp-send.c:70: warning: 'packed' attribute ignored for field of type 'unsigned char[6]'
cdp-send.c:71: warning: 'packed' attribute ignored for field of type 'unsigned char[6]'
cdp-send.c:74: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:75: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:77: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:78: warning: 'packed' attribute ignored for field of type 'u_int8_t[3]'
cc cdp-send.o /usr/lib/libnet.so -o cdp-send

If everything goes as planned, you should have two new files called "cdp-send" and "cdp-listen" which are used to respectively send or receive traffic.




1. cdp-send

Launch cdp-send

cdp-send is used to send CDP traffic to directly connected devices.

Let's launch cdp-send with the minimal setting:

Syntax: cdp-send [options] interfaces... &

  # /root/cdp-tools/cdp-send eth0

"eth0" is the interface through which we are sending CDP traffic. "/root/cdp-tools/cdp-send eth1 eth2" would send CDP traffic through the eth1 and eth2 interfaces.

Check how a directly connected Cisco device sees our Linux machine:

Cisco_device>show cdp neighbours
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
ubuntu           Fas 1/0/5         176        H           i686      eth0

The Linux system is seen as a layer 3 host "H", on interface "eth0", with a hostname "ubuntu" and a platform "i386".

Cisco_device>show cdp neighbours details
Device ID: ubuntu
Entry address(es):
   IP address: 10.1.1.1
Platform: i686, Capabilities: Host
Interface: FastEthernet1/0/5, Port ID (outgoing port): eth0
Holdtime : 120 sec

Version :
Linux 2.6.22-10-generic

advertisement version: 2
Management address(es):

Configure "cdp-tools" to start automatically on startup:

  # crontab -u root -e

@reboot /root/cdp-send eth0



cdp-send advanced settings:

To see the advanced settings:

  # /root/cdp-send

Usage: cdp-send [options] interfaces... &

 	-a addr     use specified address instead of that on interface
 	-c caps     enable capabilities (try -c list)
 	-d          enable debugging output
 	-D dom      specify VTP management domain (octal escapes ok)
 	-L vlan     specify native VLAN (vlanid)
 	-V vlan     specify voice VLAN (voiceid)
 	-m mach     specify machine/platform to advertise (e.g. "i686")
 	-n name     specify a hostname
 	-p name     override port name (default: interface)
 	-P duplex   specify port duplex (full/half)
 	-o          enable oneshot mode
 	-s vers     specify software/version to advertise (e.g. "Linux 2.6.22-10-generic")
 	-S subnet   specify ip prefix/subnet (need for routers, etc)
 	-t secs     set wait-time (default: 60 seconds)

Let's see an example, where our test ubuntu machine pretends to be a Cisco device.

  # /root/cdp-send eth0 -n "7206 Core" -m 7206VXR -p "Fas 0/0" -P half -c l3r -s 7206VXR -a 10.1.1.1 -V 123 -s "Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill"

Check how the directly connected Cisco device sees our Linux machine:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
7206 Core        Fas 1/0/5         176        R           7206VXR   Fas 0/0

The Linux system is seen as a layer 3 router "R", on interface "Fas 0/0", with a hostname "7206 Core" and a platform "7206VXR".

Cisco_device>show cdp neighbours details
Device ID: 7206 Core
Entry address(es):
   IP address: 10.1.1.1
Platform: 7206VXR, Capabilities: Router
Interface: FastEthernet1/0/5, Port ID (outgoing port): Fas 0/0
Holdtime : 164 sec

Version :
Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill

advertisement version: 2
Management address(es):



cdp-send packet analysis:

The debugging (-d) option shows the CDP Ethernet frame.

  # /root/cdp-send eth0 -d -n "7206 Core" -m 7206VXR -p "Fas 0/0" -P half -c l3r -s 7206VXR -a 10.1.1.1 -V 123 -s "Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill"

Sent over: eth0, total length: 306
0000 01 00 0c cc cc cc 00 1c 23 11 22 33 01 24 aa aa ........#....$..
0001 03 00 00 0c 20 00 02 b4 d4 3d 00 01 00 0d 37 32 .... ....=....72
0002 30 36 20 43 6f 72 65 00 02 00 11 00 00 00 01 01 06 Core.........
0003 01 cc 00 04 0a 01 01 01 00 03 00 0b 46 61 73 20 ............Fas 
0004 30 2f 30 00 04 00 08 00 00 00 01 00 05 00 d7 43 0/0............C
0005 69 73 63 6f 20 49 6e 74 65 72 6e 65 74 77 6f 72 isco Internetwor
0006 6b 20 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 k Operating Syst
0007 65 6d 20 53 6f 66 74 77 61 72 65 20 53 20 28 74 em Software S (t
0008 6d 29 20 37 32 30 30 20 53 6f 66 74 77 61 72 65 m) 7200 Software
0009 20 28 43 37 32 30 30 2d 49 4b 39 53 2d 4d 29 2c  (C7200-IK9S-M),
000a 20 56 65 72 73 69 6f 6e 20 31 32 2e 32 28 32 33  Version 12.2(23
000b 61 29 2c 20 52 45 4c 45 41 53 45 20 53 4f 46 54 a), RELEASE SOFT
000c 57 41 52 45 20 28 66 63 32 29 20 43 6f 70 79 72 WARE (fc2) Copyr
000d 69 67 68 74 20 28 63 29 20 31 39 38 36 2d 32 30 ight (c) 1986-20
000e 30 34 20 62 79 20 63 69 73 63 6f 20 53 79 73 74 04 by cisco Syst
000f 65 6d 73 2c 20 49 6e 63 2e 20 43 6f 6d 70 69 6c ems, Inc. Compil
0010 65 64 20 54 75 65 20 33 30 2d 4d 61 72 2d 30 34 ed Tue 30-Mar-04
0011 20 31 32 3a 32 36 20 62 79 20 6b 65 6c 6c 6d 69  12:26 by kellmi
0012 6c 6c 00 06 00 0b 37 32 30 36 56 58 52 00 0b 00 ll....7206VXR...
0013 05 00 ...

The same Ethernet frame analyzed with tshark, the CLI Wireshark version.

Frame 4 (306 bytes on wire, 306 bytes captured)

 	Arrival Time: Nov 11, 2007 14:37:11.128038000
 	[Time delta from previous captured frame: 0.614262000 seconds]
 	[Time delta from previous displayed frame: 0.614262000 seconds]
 	[Time since reference or first frame: 1194615431.128038000 seconds]
 	Frame Number: 4
 	Frame Length: 306 bytes
 	Capture Length: 306 bytes
 	[Frame is marked: False]
 	[Protocols in frame: eth:llc:cdp:data]

IEEE 802.3 Ethernet

 	Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
 	  	Address: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
 	  	.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
 	  	.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
 	Source: Dell_11:22:33 (00:1c:23:11:22:33)
 	  	Address: Dell_11:22:33 (00:1c:23:11:22:33)
 	  	.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 	  	.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
 	Length: 292

Logical-Link Control

 	DSAP: SNAP (0xaa)
 	IG Bit: Individual
 	SSAP: SNAP (0xaa)
 	CR Bit: Command
 	Control field: U, func=UI (0x03)
 	  	000. 00.. = Command: Unnumbered Information (0x00)
 	  	.... ..11 = Frame type: Unnumbered frame (0x03)
 	Organization Code: Cisco (0x00000c)
 	PID: CDP (0x2000)

Cisco Discovery Protocol

 	Version: 2
 	TTL: 180 seconds
 	Checksum: 0xd43d [correct]
 	  	[Good: True]
 	  	[Bad : False]
 	Device ID: 7206 Core
 	  	Type: Device ID (0x0001)
 	  	Length: 13
 	  	Device ID: 7206 Core
 	Addresses
 	  	Type: Addresses (0x0002)
 	  	Length: 17
 	  	Number of addresses: 1
 	  	IP address: 10.1.1.1
 	  	  	Protocol type: NLPID
 	  	  	Protocol length: 1
 	  	  	Protocol: IP
 	  	  	Address length: 4
 	  	  	IP address: 10.1.1.1
 	Port ID: Fas 0/0
 	  	Type: Port ID (0x0003)
 	  	Length: 11
 	  	Sent through Interface: Fas 0/0
 	Capabilities
 	  	Type: Capabilities (0x0004)
 	  	Length: 8
 	  	Capabilities: 0x00000001
 	  	  	.... .... .... .... .... .... .... ...1 = Is a Router
 	  	  	.... .... .... .... .... .... .... ..0. = Not a Transparent Bridge
 	  	  	.... .... .... .... .... .... .... .0.. = Not a Source Route Bridge
 	  	  	.... .... .... .... .... .... .... 0... = Not a Switch
 	  	  	.... .... .... .... .... .... ...0 .... = Not a Host
 	  	  	.... .... .... .... .... .... ..0. .... = Not IGMP capable
 	  	  	.... .... .... .... .... .... .0.. .... = Not a Repeater
 	Software Version
 	  	Type: Software version (0x0005)
 	  	Length: 215
 	  	Software Version: Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill
 	Platform: 7206VXR
 	  	Type: Platform (0x0006)
 	  	Length: 11
 	  	Platform: 7206VXR
 	Duplex: Half
 	  	Type: Duplex (0x000b)
 	  	Length: 5
 	  	Duplex: Half


The example above, where a device pretends to be another by sending false CDP information, could be abused by dishonest people. Furthermore, if a hacker copies your usual network device banner, you could mistake the Linux system for one of your Cisco devices and try to log into it with your credentials, which the hacker would then capture.
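
The following added example (Python, not part of the original page or of cdp-tools) parses a CDP frame laid out as in the capture above and flags an advertisement like the spoofed one: a Cisco software string sent from a source MAC that is not in the site inventory. The inventory, the OUI allowlist and all function names are assumptions; the sample frame is constructed from the field values shown above, with a shortened version string and a zero checksum that is not verified.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")            # CDP multicast destination
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")   # LLC UI, Cisco OUI, PID 0x2000
TEXT_TLVS = {1: "device_id", 3: "port_id", 5: "software", 6: "platform"}

def parse_cdp(frame: bytes) -> dict:
    """Parse an 802.3/LLC/SNAP CDP frame; raise ValueError if it is malformed."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != LLC_SNAP_CDP:
        raise ValueError("not a CDP frame")
    info = {"src_mac": frame[6:12].hex(":"), "version": frame[22], "ttl": frame[23]}
    end = min(len(frame), 14 + struct.unpack("!H", frame[12:14])[0])
    pos = 26                                        # TLVs start after the checksum
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > end:      # length includes the 4-byte header
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        value = frame[pos + 4:pos + tlv_len]
        if tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == 4 and len(value) == 4:
            info["capabilities"] = struct.unpack("!I", value)[0]
        pos += tlv_len
    return info

def findings(info: dict, inventory: dict, infra_ouis: set) -> list:
    """Compare one advertisement with a site inventory {src_mac: device_id}."""
    issues = []
    if info["src_mac"] not in inventory:
        issues.append("unknown source MAC")
    elif inventory[info["src_mac"]] != info.get("device_id"):
        issues.append("device ID differs from inventory")
    if "cisco" in info.get("software", "").lower() and info["src_mac"][:8] not in infra_ouis:
        issues.append("Cisco software string from non-infrastructure OUI")
    return issues

def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def sample_frame() -> bytes:
    """Constructed frame reusing field values from the capture on this page."""
    tlvs = (_tlv(1, b"7206 Core") + _tlv(3, b"Fas 0/0") + _tlv(4, struct.pack("!I", 1))
            + _tlv(5, b"Cisco Internetwork Operating System Software") + _tlv(6, b"7206VXR"))
    payload = LLC_SNAP_CDP + bytes([2, 180, 0, 0]) + tlvs   # checksum zero, not verified
    return CDP_DST + bytes.fromhex("001c23112233") + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    info = parse_cdp(sample_frame())
    print(info, findings(info, inventory={}, infra_ouis={"00:00:0c"}))  # sample allowlist
```

The PID bytes checked at offset 20 are the same ones the tcpdump filter 'ether[20:2] == 0x2000' on this page matches.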



2. cdp-listen

cdp-listen is used to receive CDP packets. Let's see how our test Linux sees the Cisco device directly connected to its eth0 interface.

  # /root/cdp-listen eth0
  # Interface: eth0
  # Hostname: Cisco-hall4.openmaniak.com
  # Address: 10.117.1.234
  # TimeToLive: 180
  # Capabilities: L3R(router) L2SW(switch) IGRP
  # Networks:

Configure "cdp-tools" to start automatically at startup:

  # crontab -u root -e

@reboot /root/cdp-listen eth0

Nanostation

$ sudo tcpdump
10:41:58.132091 CDPv1, ttl: 120s, Device-ID 'TRSCEIPMariaGaliRd1'[|cdp]
10:41:58.135969 CDPv1, ttl: 120s, Device-ID 'TRSCEIPMariaGaliRd1'[|cdp]
10:42:06.618809 IP 10.139.60.33 > 224.0.0.5: OSPFv2, Hello, length: 44

To disable it:

disabled "extra reporting" option if using M series devices and AirOS v5.x firmware. We will update AirOS v3.x "Extra Reporting" options in future as well.

Currently CDP packets can be dropped using firewall.

Ebtables rule example:
ebtables.4.cmd=-A OUTPUT --dst 01:00:0C:CC:CC:CC -j DROP
ebtables.4.status=enabled

RouterOS

See:

Getting CDP protocol information with tcpdump

$ sudo tcpdump -nn -v -i eth0 -s 1500  'ether[20:2] == 0x2000'
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 1500 bytes
20:50:29.107698 CDPv1, ttl: 120s, checksum: 376 (unverified), length 71
	Device-ID (0x01), length: 8 bytes: 'MikroTik'
	Address (0x02), length: 13 bytes: IPv4 (1) 192.168.2.2
	Port-ID (0x03), length: 7 bytes: 'bridge1'
	Capability (0x04), length: 4 bytes: (0x00000001): Router
	Version String (0x05), length: 3 bytes: 
	  5.9
	Platform (0x06), length: 8 bytes: 'MikroTik'


cdp-tools

cdp-tools

See also

External links