The Cisco Discovery Protocol (CDP) is a proprietary layer 2 protocol developed by Cisco.
It is used by directly connected devices to announce themselves to each other: every device periodically advertises its hostname (Device ID), the port the announcement leaves through, its capabilities (router, switch, host, ...), its platform, its software version and its addresses.
CDP announcements are sent to the multicast destination MAC address 01:00:0c:cc:cc:cc, encapsulated in LLC/SNAP with Cisco's OUI (00:00:0c) and protocol ID 0x2000.
Linux does not support CDP out of the box. You can use cdp-tools to add support for sending and receiving CDP announcements.
Enabling CDP on Linux systems is useful on Linux-based routers such as Quagga or Vyatta in a Cisco environment, so that the Cisco switches list them as neighbours.
Download cdp-tools into the /root directory. To download "cdp-tools" directly from the Linux command line, proceed as follows:
Extract "cdp-tools":
This creates the "cdp-tools" directory.
Download and install the "build-essential" meta-package, which contains the tools needed to compile programs.
Download and install libnet0-dev: libnet is a generic networking API that provides access to several protocols (cdp-send uses it to inject raw frames).
The libpcap development library (libpcap0.8-dev in our example, used by cdp-listen to capture frames) is installed at the same time as a dependency.
Compile "cdp-tools" (the output of the build):
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-listen.o cdp-listen.c
cc cdp-listen.o /usr/lib/libpcap.so -o cdp-listen
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-send.o cdp-send.c
cdp-send.c:70: warning: 'packed' attribute ignored for field of type 'unsigned char[6]'
cdp-send.c:71: warning: 'packed' attribute ignored for field of type 'unsigned char[6]'
cdp-send.c:74: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:75: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:77: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:78: warning: 'packed' attribute ignored for field of type 'u_int8_t[3]'
cc cdp-send.o /usr/lib/libnet.so -o cdp-send
The "'packed' attribute ignored" warnings are harmless: single-byte fields and byte arrays have an alignment of 1 anyway, so the attribute changes nothing.
If everything goes as planned, you should have two new binaries, "cdp-send" and "cdp-listen", used to send and receive CDP traffic respectively.
1. cdp-send
2. cdp-listen
1. cdp-send
Launch cdp-send
cdp-send is used to send CDP traffic to directly connected devices.
Let's launch cdp-send with the minimal setting:
Syntax: cdp-send [options] interfaces... &
/root/cdp-tools/cdp-send eth0
"eth0" is the interface through which we send CDP traffic. "/root/cdp-tools/cdp-send eth1 eth2" would send CDP traffic through the eth1 and eth2 interfaces. The trailing "&" in the syntax backgrounds the process: cdp-send keeps running and repeats the announcement every wait-time (60 seconds by default, see the -t option below).
Check how a directly connected Cisco device sees our Linux machine:
Cisco_device>show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
ubuntu           Fas 1/0/5          176          H         i686      eth0

The Linux system is seen as a host (capability "H") on its port "eth0", with hostname "ubuntu" and platform "i686" (the IOS command is "show cdp neighbors", American spelling; IOS does not accept "neighbours").
Cisco_device>show cdp neighbors detail
Device ID: ubuntu
Entry address(es):
  IP address: 10.1.1.1
Platform: i686,  Capabilities: Host
Interface: FastEthernet1/0/5,  Port ID (outgoing port): eth0
Holdtime : 120 sec

Version :
Linux 2.6.22-10-generic

advertisement version: 2
Management address(es):

Configure "cdp-tools" to start automatically at boot, with an @reboot entry in root's crontab (the binary lives in the directory extracted above):
@reboot /root/cdp-tools/cdp-send eth0
cdp-send advanced settings:
To see the advanced settings:
Usage: cdp-send [options] interfaces... &
  -a addr     use specified address instead of that on interface
  -c caps     enable capabilities (try -c list)
  -d          enable debugging output
  -D dom      specify VTP management domain (octal escapes ok)
  -L vlan     specify native VLAN (vlanid)
  -V vlan     specify voice VLAN (voiceid)
  -m mach     specify machine/platform to advertise (e.g. "i686")
  -n name     specify a hostname
  -p name     override port name (default: interface)
  -P duplex   specify port duplex (full/half)
  -o          enable oneshot mode
  -s vers     specify software/version to advertise (e.g. "Linux 2.6.22-10-generic")
  -S subnet   specify ip prefix/subnet (need for routers, etc)
  -t secs     set wait-time (default: 60 seconds)
Let's see an example where our test Ubuntu machine pretends to be a Cisco device. The options map directly onto the fields the switch displays: -n sets the Device ID, -m the platform, -p the port ID, -c the capabilities and -s the version string.
Check how the directly connected Cisco device sees our Linux machine now:
Cisco_device>show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
7206 Core        Fas 1/0/5          176          R         7206VXR   Fas 0/0

The Linux system is now seen as a router (capability "R") on port "Fas 0/0", with hostname "7206 Core" and platform "7206VXR".
Cisco_device>show cdp neighbors detail
Device ID: 7206 Core
Entry address(es):
  IP address: 10.1.1.1
Platform: 7206VXR,  Capabilities: Router
Interface: FastEthernet1/0/5,  Port ID (outgoing port): Fas 0/0
Holdtime : 164 sec

Version :
Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 30-Mar-04 12:26 by kellmill

advertisement version: 2
Management address(es):
cdp-send packet analysis:
The debugging (-d) option dumps the Ethernet frame that carries the CDP announcement (the first column is the row number, each row holds 16 bytes):
Sent over: eth0, total length: 306
0000 01 00 0c cc cc cc 00 1c 23 11 22 33 01 24 aa aa ........#....$..
0001 03 00 00 0c 20 00 02 b4 d4 3d 00 01 00 0d 37 32 .... ....=....72
0002 30 36 20 43 6f 72 65 00 02 00 11 00 00 00 01 01 06 Core.........
0003 01 cc 00 04 0a 01 01 01 00 03 00 0b 46 61 73 20 ............Fas
0004 30 2f 30 00 04 00 08 00 00 00 01 00 05 00 d7 43 0/0............C
0005 69 73 63 6f 20 49 6e 74 65 72 6e 65 74 77 6f 72 isco Internetwor
0006 6b 20 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 k Operating Syst
0007 65 6d 20 53 6f 66 74 77 61 72 65 20 53 20 28 74 em Software S (t
0008 6d 29 20 37 32 30 30 20 53 6f 66 74 77 61 72 65 m) 7200 Software
0009 20 28 43 37 32 30 30 2d 49 4b 39 53 2d 4d 29 2c  (C7200-IK9S-M),
000a 20 56 65 72 73 69 6f 6e 20 31 32 2e 32 28 32 33  Version 12.2(23
000b 61 29 2c 20 52 45 4c 45 41 53 45 20 53 4f 46 54 a), RELEASE SOFT
000c 57 41 52 45 20 28 66 63 32 29 20 43 6f 70 79 72 WARE (fc2) Copyr
000d 69 67 68 74 20 28 63 29 20 31 39 38 36 2d 32 30 ight (c) 1986-20
000e 30 34 20 62 79 20 63 69 73 63 6f 20 53 79 73 74 04 by cisco Syst
000f 65 6d 73 2c 20 49 6e 63 2e 20 43 6f 6d 70 69 6c ems, Inc. Compil
0010 65 64 20 54 75 65 20 33 30 2d 4d 61 72 2d 30 34 ed Tue 30-Mar-04
0011 20 31 32 3a 32 36 20 62 79 20 6b 65 6c 6c 6d 69  12:26 by kellmi
0012 6c 6c 00 06 00 0b 37 32 30 36 56 58 52 00 0b 00 ll....7206VXR...
0013 05 00 ...
The same Ethernet frame analyzed with tshark, the command-line version of Wireshark:
Frame 4 (306 bytes on wire, 306 bytes captured)
    Arrival Time: Nov 11, 2007 14:37:11.128038000
    [Time delta from previous captured frame: 0.614262000 seconds]
    [Time delta from previous displayed frame: 0.614262000 seconds]
    [Time since reference or first frame: 1194615431.128038000 seconds]
    Frame Number: 4
    Frame Length: 306 bytes
    Capture Length: 306 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:llc:cdp:data]
IEEE 802.3 Ethernet
    Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
        Address: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Dell_11:22:33 (00:1c:23:11:22:33)
        Address: Dell_11:22:33 (00:1c:23:11:22:33)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Length: 292
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
    Organization Code: Cisco (0x00000c)
    PID: CDP (0x2000)
Cisco Discovery Protocol
    Version: 2
    TTL: 180 seconds
    Checksum: 0xd43d [correct]
        [Good: True]
        [Bad : False]
    Device ID: 7206 Core
        Type: Device ID (0x0001)
        Length: 13
        Device ID: 7206 Core
    Addresses
        Type: Addresses (0x0002)
        Length: 17
        Number of addresses: 1
        IP address: 10.1.1.1
            Protocol type: NLPID
            Protocol length: 1
            Protocol: IP
            Address length: 4
            IP address: 10.1.1.1
    Port ID: Fas 0/0
        Type: Port ID (0x0003)
        Length: 11
        Sent through Interface: Fas 0/0
    Capabilities
        Type: Capabilities (0x0004)
        Length: 8
        Capabilities: 0x00000001
            .... .... .... .... .... .... .... ...1 = Is a Router
            .... .... .... .... .... .... .... ..0. = Not a Transparent Bridge
            .... .... .... .... .... .... .... .0.. = Not a Source Route Bridge
            .... .... .... .... .... .... .... 0... = Not a Switch
            .... .... .... .... .... .... ...0 .... = Not a Host
            .... .... .... .... .... .... ..0. .... = Not IGMP capable
            .... .... .... .... .... .... .0.. .... = Not a Repeater
    Software Version
        Type: Software version (0x0005)
        Length: 215
        Software Version: Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill
    Platform: 7206VXR
        Type: Platform (0x0006)
        Length: 11
        Platform: 7206VXR
    Duplex: Half
        Type: Duplex (0x000b)
        Length: 5
        Duplex: Half
The example above, where a device impersonates another by advertising false CDP information, can be abused by an attacker: CDP carries no authentication, so any host on the segment can claim any Device ID, platform, capability or address, and the neighbouring switch will list it as if it were genuine.
Furthermore, if an attacker copies your usual network device banner, you could take the Linux system for one of your Cisco devices and try to log into it with your credentials, which the attacker would then capture. Note also that everything CDP advertises (IOS version, addresses, native VLAN) is readable by anyone listening on the segment, so CDP should be disabled on ports facing untrusted hosts ("no cdp enable" on the Cisco interface).
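To make the frame dissected above concrete, here is an added example (my own code, not part of cdp-tools or of this page) that rebuilds the spoofed "7206 Core" announcement byte for byte from the TLVs tshark listed, computes the CDP checksum, parses the frame back the way a listener would, and applies the two checks a monitor can use against the spoofing described just above: checksum validity and whether the source MAC's vendor matches the Cisco identity being claimed. The two-entry OUI table, the comparison "honest" frame and the heuristic are constructed assumptions for the example; the odd-length checksum quirk is the one Wireshark's dissector implements.

```python
"""Build, checksum and parse a CDP announcement (added example, not page/project code)."""
import struct
from ipaddress import IPv4Address

CDP_MCAST = bytes.fromhex("01000ccccccc")                 # 01:00:0c:cc:cc:cc
SNAP_CDP = bytes.fromhex("aaaa03") + bytes.fromhex("00000c") + bytes.fromhex("2000")  # LLC/SNAP, Cisco OUI, PID CDP

TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID, TLV_CAPS = 0x0001, 0x0002, 0x0003, 0x0004
TLV_VERSION, TLV_PLATFORM, TLV_DUPLEX = 0x0005, 0x0006, 0x000B
CAP_ROUTER, CAP_HOST = 0x01, 0x10                         # bit positions as in the tshark decode

# Constructed two-entry table from the vendor names tshark printed; not a full OUI registry.
OUI_VENDOR = {"00:00:0c": "Cisco", "00:1c:23": "Dell"}

IOS_BANNER = ("Cisco Internetwork Operating System Software S (tm) 7200 Software "
              "(C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) "
              "Copyright (c) 1986-2004 by cisco Systems, Inc. "
              "Compiled Tue 30-Mar-04 12:26 by kellmill")


def cdp_checksum(payload: bytes) -> int:
    """IP-style ones'-complement checksum over CDP header + TLVs.  For odd lengths the
    trailing byte goes into the low byte of the last word (Cisco quirk, as in Wireshark)."""
    if len(payload) % 2:
        payload = payload[:-1] + b"\x00" + payload[-1:]
    total = sum(struct.unpack("!%dH" % (len(payload) // 2), payload))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tlv(kind: int, value: bytes) -> bytes:
    return struct.pack("!HH", kind, 4 + len(value)) + value


def build_cdp_frame(src_mac, device_id, ip, port_id, caps, version, platform,
                    full_duplex=False, ttl=180) -> bytes:
    """802.3 Ethernet (length field) + LLC/SNAP + CDPv2, TLVs in the order of the capture."""
    addr = struct.pack("!I", 1)                            # number of addresses
    addr += b"\x01\x01\xcc" + struct.pack("!H", 4)         # NLPID, proto len 1, IP (0xcc), addr len 4
    addr += IPv4Address(ip).packed
    body = (tlv(TLV_DEVICE_ID, device_id.encode()) + tlv(TLV_ADDRESSES, addr)
            + tlv(TLV_PORT_ID, port_id.encode()) + tlv(TLV_CAPS, struct.pack("!I", caps))
            + tlv(TLV_VERSION, version.encode()) + tlv(TLV_PLATFORM, platform.encode())
            + tlv(TLV_DUPLEX, bytes([int(full_duplex)])))
    csum = cdp_checksum(struct.pack("!BBH", 2, ttl, 0) + body)   # checksum field zeroed while summing
    llc = SNAP_CDP + struct.pack("!BBH", 2, ttl, csum) + body
    return CDP_MCAST + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", len(llc)) + llc


def is_cdp(frame: bytes) -> bool:
    """Same test as tcpdump's 'ether[20:2] == 0x2000': 14 bytes Ethernet + 3 LLC + 3 OUI
    put the SNAP protocol ID at offset 20."""
    return frame[:6] == CDP_MCAST and frame[14:22] == SNAP_CDP


def parse_cdp_frame(frame: bytes) -> dict:
    if not is_cdp(frame):
        raise ValueError("not a CDP frame")
    cdp = frame[22:14 + struct.unpack("!H", frame[12:14])[0]]
    version, ttl, _csum = struct.unpack("!BBH", cdp[:4])
    # With the checksum field included, the ones'-complement sum of a valid payload is
    # 0xffff, so recomputing over the whole payload must give 0.
    info = {"src_mac": frame[6:12].hex(":"), "version": version, "ttl": ttl,
            "checksum_ok": cdp_checksum(cdp) == 0, "tlvs": {}}
    off = 4
    while off + 4 <= len(cdp):
        kind, length = struct.unpack("!HH", cdp[off:off + 4])
        if length < 4 or off + length > len(cdp):          # never spin on a zero/oversized length
            raise ValueError("malformed TLV at offset %d" % off)
        val = cdp[off + 4:off + length]
        if kind in (TLV_DEVICE_ID, TLV_PORT_ID, TLV_VERSION, TLV_PLATFORM):
            info["tlvs"][kind] = val.decode("ascii", errors="replace")
        elif kind == TLV_CAPS:
            info["tlvs"][kind] = struct.unpack("!I", val)[0]
        elif kind == TLV_ADDRESSES:                        # first address only
            plen = val[5]
            alen = struct.unpack("!H", val[6 + plen:8 + plen])[0]
            info["tlvs"][kind] = str(IPv4Address(val[8 + plen:8 + plen + alen]))
        elif kind == TLV_DUPLEX:
            info["tlvs"][kind] = "full" if val[0] else "half"
        off += length
    return info


def spoof_indicators(info: dict) -> list:
    """Heuristic checks: cdp-send lets anyone fill the TLVs, but the source OUI and the
    checksum are outside the TLVs.  Incomplete OUI tables will produce false positives."""
    hits = []
    if not info["checksum_ok"]:
        hits.append("bad checksum")
    oui = info["src_mac"][:8]
    vendor = OUI_VENDOR.get(oui, "unknown")
    if vendor != "Cisco" and info["tlvs"].get(TLV_VERSION, "").startswith("Cisco "):
        hits.append("Cisco-style advertisement from %s OUI %s" % (vendor, oui))
    return hits


def spoofed_frame() -> bytes:
    """The captured frame above: a Dell NIC claiming to be a 7206VXR router."""
    return build_cdp_frame("00:1c:23:11:22:33", "7206 Core", "10.1.1.1", "Fas 0/0",
                           CAP_ROUTER, IOS_BANNER, "7206VXR")


def honest_frame() -> bytes:
    """Assumed counterpart: the same box with cdp-send's defaults (first show cdp neighbors)."""
    return build_cdp_frame("00:1c:23:11:22:33", "ubuntu", "10.1.1.1", "eth0",
                           CAP_HOST, "Linux 2.6.22-10-generic", "i686")


if __name__ == "__main__":
    for frame in (spoofed_frame(), honest_frame()):
        info = parse_cdp_frame(frame)
        print(info["tlvs"][TLV_DEVICE_ID], info["tlvs"][TLV_PLATFORM], spoof_indicators(info) or "no indicators")
```

Because the TLVs are reproduced exactly, the rebuilt frame is 306 bytes long and cdp_checksum() over its payload returns 0xd43d, the value tshark reports as correct above; any change to a single character of the version string changes it, which is what makes the checksum a cheap integrity check for a listener even though it offers no authentication.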
2. cdp-listen
cdp-listen is used to receive CDP packets. Let's see how our test Linux sees the Cisco device directly connected to its eth0 interface.
Configure "cdp-tools" to start automatically at boot, again with an @reboot entry in root's crontab:
@reboot /root/cdp-tools/cdp-listen eth0
A plain tcpdump capture on the same interface shows the announcements arriving (the "[|cdp]" marker means tcpdump could not decode the whole packet with its default snaplen; a full decode needs -v and a larger -s, as shown at the end of this page):
$ sudo tcpdump
10:41:58.132091 CDPv1, ttl: 120s, Device-ID 'TRSCEIPMariaGaliRd1'[|cdp]
10:41:58.135969 CDPv1, ttl: 120s, Device-ID 'TRSCEIPMariaGaliRd1'[|cdp]
10:42:06.618809 IP 10.139.60.33 > 224.0.0.5: OSPFv2, Hello, length: 44
To disable CDP on Ubiquiti AirOS devices:
Disable the "Extra Reporting" option if using M series devices and AirOS v5.x firmware. We will update the AirOS v3.x "Extra Reporting" options in the future as well.
Alternatively, CDP packets can be dropped with the firewall.
Ebtables rule example (in AirOS configuration-file syntax, where the cmd key holds the ebtables arguments):
ebtables.4.cmd=-A OUTPUT --dst 01:00:0C:CC:CC:CC -j DROP
ebtables.4.status=enabled
This rule only stops the device's own announcements (OUTPUT chain, matched on the CDP multicast destination); announcements received from neighbours are still processed.
To verify, capture CDP frames with tcpdump from a Linux host on the same segment. The filter matches the SNAP protocol ID of CDP: after the 14-byte Ethernet header, 3 bytes of LLC and the 3-byte Cisco OUI, the two-byte PID 0x2000 sits at offset 20; -s 1500 raises the snaplen so the whole announcement is decoded:
$ sudo tcpdump -nn -v -i eth0 -s 1500 'ether[20:2] == 0x2000'
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
20:50:29.107698 CDPv1, ttl: 120s, checksum: 376 (unverified), length 71
    Device-ID (0x01), length: 8 bytes: 'MikroTik'
    Address (0x02), length: 13 bytes: IPv4 (1) 192.168.2.2
    Port-ID (0x03), length: 7 bytes: 'bridge1'
    Capability (0x04), length: 4 bytes: (0x00000001): Router
    Version String (0x05), length: 3 bytes: 5.9
    Platform (0x06), length: 8 bytes: 'MikroTik'
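Turning that tcpdump output into something a monitor can act on is a small step, and it is the natural follow-up to the spoofing warning earlier on the page: parse each announcement into a record and compare the Device IDs seen on the wire against an inventory of the devices that are supposed to be announcing. The following is an added example (my own code, not from the page or from cdp-tools). The sample log is constructed from the two tcpdump outputs shown on this page; the leading-tab layout of the verbose TLV lines and the allow-list are assumptions.

```python
"""Parse tcpdump's CDP output and flag announcers missing from an inventory (added example)."""
import re

# Constructed from the tcpdump lines on this page: one default-snaplen summary line,
# one non-CDP line that must be ignored, and one -v decode with its TLV lines.
SAMPLE = """\
10:41:58.132091 CDPv1, ttl: 120s, Device-ID 'TRSCEIPMariaGaliRd1'[|cdp]
10:42:06.618809 IP 10.139.60.33 > 224.0.0.5: OSPFv2, Hello, length: 44
20:50:29.107698 CDPv1, ttl: 120s, checksum: 376 (unverified), length 71
\tDevice-ID (0x01), length: 8 bytes: 'MikroTik'
\tAddress (0x02), length: 13 bytes: IPv4 (1) 192.168.2.2
\tPort-ID (0x03), length: 7 bytes: 'bridge1'
\tCapability (0x04), length: 4 bytes: (0x00000001): Router
\tVersion String (0x05), length: 3 bytes: 5.9
\tPlatform (0x06), length: 8 bytes: 'MikroTik'
"""

SUMMARY = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) CDPv(?P<ver>\d), ttl: (?P<ttl>\d+)s")
INLINE_ID = re.compile(r"Device-ID '(?P<id>[^']*)'")          # short form without -v
TLV = re.compile(r"^\s+(?P<name>Device-ID|Address|Port-ID|Capability|Version String|Platform) "
                 r"\(0x[0-9a-f]+\), length: \d+ bytes: (?P<val>.*)$")


def parse_tcpdump_cdp(text: str) -> list:
    """One dict per CDP announcement; TLV lines are attached to the preceding summary line."""
    records = []
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:
            rec = {"ts": m["ts"], "version": int(m["ver"]), "ttl": int(m["ttl"])}
            inline = INLINE_ID.search(line)
            if inline:
                rec["Device-ID"] = inline["id"]
            records.append(rec)
            continue
        t = TLV.match(line)
        if t and records:
            val = t["val"].strip("'")
            if t["name"] == "Address":
                val = val.split()[-1]                        # "IPv4 (1) 192.168.2.2" -> address
            elif t["name"] == "Capability":
                val = val.split(": ", 1)[-1]                 # "(0x00000001): Router" -> "Router"
            records[-1][t["name"]] = val
        # anything else (the OSPF hello, for instance) is not CDP and is skipped
    return records


def unexpected_talkers(records: list, allowed_ids) -> list:
    """Device IDs announced on the wire that are not in the inventory.  Since cdp-send lets
    any host announce any ID, an unknown ID on an access segment deserves a look."""
    return sorted({r.get("Device-ID", "?") for r in records} - set(allowed_ids))


if __name__ == "__main__":
    recs = parse_tcpdump_cdp(SAMPLE)
    for r in recs:
        print(r)
    print("unexpected:", unexpected_talkers(recs, ["TRSCEIPMariaGaliRd1"]))
```

In practice the text would come from "tcpdump -nn -v -l -s 1500 'ether[20:2] == 0x2000'" piped into the script, and the allow-list from the same inventory the switches are configured from; a Device ID that is in the inventory but suddenly announces a different platform or address is the other case worth alerting on.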