[NSE] (RFC) LLTD (Link Layer Topology Discovery)

[Gorjan Petrovski <mogi57 () gmail com>]

Hi,

Not so long ago Toni Ruottu shared a great idea for a discovery script
with me. I researched it a little and this is a summation of my
conclusions:

LLTD (link layer topology discovery) is a proprietary topology
discovery and QoS diagnostics protocol used by WinVista and Win7
machines. There are also patches for WinXP, Perl implementation, as
well as Linux sample implementation. Its uses to Nmap include target
discovery and host info gathering (if the host is configured to share
info), but only on a local network segment since it's a LayerII
protocol and it's not routed across segments. Another use is perhaps a
network topology description (responder-hosts, switches,
interconnections), however the algorithms tend to be a bit complex and
I'm not sure whether it's worth for that kind of a functionality.
http://en.wikipedia.org/wiki/Lltd
http://msdn.microsoft.com/en-gb/windows/hardware/gg463024

I propose writing a library, which then scripts would use. The Perl
implementation could be used as an example, however I doubt we need
all the facilities implemented there.
http://search.cpan.org/~gomor/Net-Frame-Layer-LLTD-1.00/

The LLDP messages use the TLV format (Type-Length-Value). My guess is
that a simple parser would suffice, with a Lua table as a message type
enumerator. In case we want additional formatting we could have
function fields in the table which format/process every message
according to the need.

The main goal of the library would be to implement the Enumerator*
with the Quick_Discovery* functionality as described in the LLTD
documentation. These can be used in both host discovery and system
information gathering, so one script would suffice, but we could use a
script-arg to define what kind of output the script would need.

The information intended to be shared with the LLTD protocol includes
info such as:
* Host ID  that uniquely identifies the host on which the responder is running
* Characteristics
* Physical Medium
* Wireless Mode
* 80211 Basic Service Set Identifier
* 80211 Service Set Identifier
* IPv4 Address
* IPv6 Address
* 80211 Maximum Operational Rate
* Performance Counter Frequency
* Link Speed
* 80211 Received Signal Strength Indication
* Icon Image
* Machine Name
* Support Information  that identifies the device manufacturer's support
* information
* Friendly Name
* Device Universally Unique Identifier
* Hardware ID
* QoS Characteristics
* 80211 Physical Medium
* AP Association Table
* Detailed Icon Image
* Sees-List Working Set
* Component Table
* Repeater AP Lineage
* Repeater AP Table

All of the aforementioned information is described in the official
LLDP documentation.


Comments are very welcome :)

Is this info enough to be added to the Script_Ideas page?

Cheers,
Gorjan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/