Nmap Development mailing list archives
[NSE] (RFC) LLTD (Link Layer Topology Discovery)
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Tue, 28 Jun 2011 15:22:56 +0200
Hi,

Not so long ago Toni Ruottu shared a great idea for a discovery script with me. I researched it a little and this is a summation of my conclusions:

LLTD (link layer topology discovery) is a proprietary topology discovery and QoS diagnostics protocol used by WinVista and Win7 machines. There are also patches for WinXP, Perl implementation, as well as Linux sample implementation. Its uses to Nmap include target discovery and host info gathering (if the host is configured to share info), but only on a local network segment since it's a LayerII protocol and it's not routed across segments. Another use is perhaps a network topology description (responder-hosts, switches, interconnections), however the algorithms tend to be a bit complex and I'm not sure whether it's worth for that kind of a functionality.

http://en.wikipedia.org/wiki/Lltd
http://msdn.microsoft.com/en-gb/windows/hardware/gg463024

I propose writing a library, which then scripts would use. The Perl implementation could be used as an example, however I doubt we need all the facilities implemented there.

http://search.cpan.org/~gomor/Net-Frame-Layer-LLTD-1.00/

The LLDP messages use the TLV format (Type-Length-Value). My guess is that a simple parser would suffice, with a Lua table as a message type enumerator. In case we want additional formatting we could have function fields in the table which format/process every message according to the need.

The main goal of the library would be to implement the Enumerator* with the Quick_Discovery* functionality as described in the LLTD documentation. These can be used in both host discovery and system information gathering, so one script would suffice, but we could use a script-arg to define what kind of output the script would need.

The information intended to be shared with the LLTD protocol includes info such as:

* Host ID that uniquely identifies the host on which the responder is running
* Characteristics
* Physical Medium
* Wireless Mode
* 80211 Basic Service Set Identifier
* 80211 Service Set Identifier
* IPv4 Address
* IPv6 Address
* 80211 Maximum Operational Rate
* Performance Counter Frequency
* Link Speed
* 80211 Received Signal Strength Indication
* Icon Image
* Machine Name
* Support Information that identifies the device manufacturer's support information
* Friendly Name
* Device Universally Unique Identifier
* Hardware ID
* QoS Characteristics
* 80211 Physical Medium
* AP Association Table
* Detailed Icon Image
* Sees-List Working Set
* Component Table
* Repeater AP Lineage
* Repeater AP Table

All of the aforementioned information is described in the official LLDP documentation.

Comments are very welcome :) Is this info enough to be added to the Script_Ideas page?

Cheers,
Gorjan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
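The TLV walker with a type table and per-type formatter functions proposed in the message above, as an added example in plain Lua (not part of the original post and not Nmap's code). The type codes, the one-byte length field and the length-less End-of-Property marker are assumptions to check against the LLTD specification, and the packet bytes are constructed.

```lua
-- Formatters for the value part of a TLV (helper names are hypothetical).
local function mac(v)
  return (v:gsub(".", function(c) return ("%02x:"):format(c:byte()) end)):sub(1, -2)
end
local function ipv4(v) return ("%d.%d.%d.%d"):format(v:byte(1, 4)) end
local function ucs2le(v)  -- keep printable ASCII code units, mask the rest
  local out = {}
  for i = 1, #v - 1, 2 do
    local lo, hi = v:byte(i, i + 1)
    out[#out + 1] = (hi == 0 and lo >= 32 and lo < 127) and string.char(lo) or "?"
  end
  return table.concat(out)
end

-- Type enumerator with function fields. Codes are assumed, verify with the spec.
local TLV = {
  [0x01] = { name = "Host ID",      len = 6, fmt = mac },
  [0x07] = { name = "IPv4 Address", len = 4, fmt = ipv4 },
  [0x0F] = { name = "Machine Name",          fmt = ucs2le },
}

-- Walk the TLV list in buf. Returns the properties parsed so far plus an
-- error string when the responder's data is truncated or malformed.
local function parse_tlvs(buf, pos)
  local props = {}
  pos = pos or 1
  while pos <= #buf do
    local typ = buf:byte(pos)
    if typ == 0x00 then return props end          -- End-of-Property marker
    local len = buf:byte(pos + 1)
    if not len or pos + 1 + len > #buf then       -- length runs past the frame
      return props, ("truncated TLV 0x%02x at offset %d"):format(typ, pos)
    end
    local def = TLV[typ]
    if def and def.len and def.len ~= len then    -- fixed-size field, wrong size
      return props, ("bad length %d for %s"):format(len, def.name)
    end
    local val = buf:sub(pos + 2, pos + 1 + len)
    props[#props + 1] = { type = typ, name = def and def.name or "Unknown",
                          value = def and def.fmt(val) or val }
    pos = pos + 2 + len
  end
  return props, "missing End-of-Property marker"
end

-- Constructed sample: Host ID, IPv4 Address, Machine Name "WS", end marker.
local sample = "\1\6\0\17\34\51\68\85" .. "\7\4\192\168\1\10" .. "\15\4W\0S\0" .. "\0"
for _, p in ipairs(parse_tlvs(sample)) do
  print(("0x%02x  %-13s %s"):format(p.type, p.name, p.value))
end
print(select(2, parse_tlvs(sample:sub(1, 11))))   -- same data cut mid-TLV
```

Since the TLVs come from any responder on the segment, the parser treats every length byte as untrusted and stops at the first one that does not fit the received frame.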