Bilginin Adresi

CDP packets with tcpdump & tshark

megabros
Security Professional
Registration date: 08-06-2009
Location: Turkey
Posted: 23-08-2009 at 10:07
CDP is a protocol that Cisco devices use to advertise and discover each other. CDP packets are sent as multicast, and anyone on the network can listen to them and obtain detailed information about the running systems.

With CDP you can obtain information about a Cisco system such as the device's host name, IP address, interface details, detailed IOS version, platform, VTP domain name and so on. You can capture CDP packets with tcpdump, tshark or a similar sniffer/network listener.

#tcpdump -nn -v -i rl0 -s 1500 -c 1 'ether[20:2] == 0x2000'

11:47:05.413153 CDPv2, ttl: 180s, checksum: 692 (unverified), length 364
Device-ID (0x01), length: 8 bytes: '3548-700'
Address (0x02), length: 13 bytes: IPv4 (1) 2.1.94.2
Port-ID (0x03), length: 16 bytes: 'FastEthernet0/23'
Capability (0x04), length: 4 bytes: (0x0000000a): Transparent Bridge, L2 Switch
Version String (0x05), length: 231 bytes:
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.3)WC(1), MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Mon 30-Apr-01 07:51 by devgoyal
Platform (0x06), length: 17 bytes: 'cisco WS-C3548-XL'
Protocol-Hello option (0x08), length: 32 bytes:
VTP Management Domain (0x09), length: 7 bytes: 'aaabbbcccx'

With tshark you can get more descriptive output.

bt ~ # tshark -i eth1 -V -f "ether host 01:00:0c:cc:cc:cc"
Cisco Discovery Protocol
Version: 2
TTL: 180 seconds
Checksum: 0xd50d [incorrect, should be 0xd60b]
[Good: False]
[Bad : True]
Device ID: SMG1117N0XW(x9-User)
Type: Device ID (0x0001)
Length: 33
Device ID: SMG1117N0XW(Kx-User)
Addresses
Type: Addresses (0x0002)
Length: 17
Number of addresses: 1
IP address: x.x.x.x.
Protocol type: NLPID
Protocol length: 1
Protocol: IP
Address length: 4
IP address: x.x.x.x
Port ID: 9/11
Type: Port ID (0x0003)
Length: 8
Sent through Interface: x/11
Capabilities
Type: Capabilities (0x0004)
Length: 8
Capabilities: 0x0000002a
.... .... .... .... .... .... .... ...0 = Not a Router
.... .... .... .... .... .... .... ..1. = Is  a Transparent Bridge
.... .... .... .... .... .... .... .0.. = Not a Source Route Bridge
.... .... .... .... .... .... .... 1... = Is  a Switch
.... .... .... .... .... .... ...0 .... = Not a Host
.... .... .... .... .... .... ..1. .... = Is  IGMP capable
.... .... .... .... .... .... .0.. .... = Not a Repeater
Software Version
Type: Software version (0x0005)
Length: 102
Software Version: WS-C6509-E Software, Version McpSW: 8.5(8) NmpSW: 8.5(8)
Copyright (c) 1995-2006 by Cisco Systems
Platform: WS-C6509-E
Type: Platform (0x0006)
Length: 14
Platform: WS-C6509-E
VTP Management Domain:
Type: VTP Management Domain (0x0009)
Length: 4
VTP Management Domain:
Native VLAN: x
Type: Native VLAN (0x000a)
Length: 6
Native VLAN: x
Duplex: Full
Type: Duplex (0x000b)
Length: 5
Duplex: Full
VoIP VLAN Reply: xxx
Type: VoIP VLAN Reply (0x000e)
Length: 7
Data
Voice VLAN:xxx
Trust Bitmap: 0x00
Type: Trust Bitmap (0x0012)
Length: 5
Trust Bitmap: 00
Untrusted port CoS: 0x00
Type: Untrusted Port CoS (0x0013)
Length: 5
Untrusted port CoS: 00
System Name: x.x.x.x
Type: System Name (0x0014)
Length: 20
System Name: x.x.x.x
System Object Identifier
Type: System Object ID (0x0015)
Length: 14
System Object Identifier: 06082B0601040109052C
Management Addresses
Type: Management Address (0x0016)
Length: 17
Number of addresses: 1
IP address: x.x.x.x
Protocol type: NLPID
Protocol length: 1
Protocol: IP
Address length: 4
IP address: x.x.x.x
Location: x.x.x.x
Type: Location (0x0017)
Length: 20
UNKNOWN: 0x00
Location: x.x.x.x
Power Available: 7000 mW, 4294967295 mW
Type: Power Available (0x001a)
Length: 16
Request-ID: 0
Management-ID: 1
Power Available: 7000 mW
Power Available: 4294967295 mW

Frame 12 (327 bytes on wire, 327 bytes captured)
Arrival Time: Jan  6, 2009 11:09:47.458170000
[Time delta from previous captured frame: 60.087622000 seconds]
[Time delta from previous displayed frame: 60.087622000 seconds]
[Time since reference or first frame: 661.176321000 seconds]
Frame Number: 12
Frame Length: 327 bytes
Capture Length: 327 bytes
[Frame is marked: False]
[Protocols in frame: eth:llc:cdp:data]
IEEE 802.3 Ethernet
Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
Address: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_:3e (00:1b:53::3e)
Address: Cisco_40:17:3e (00:1b:53:40:17:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Length: 313
Logical-Link Control
DSAP: SNAP (0xaa)
IG Bit: Individual
SSAP: SNAP (0xaa)
CR Bit: Command
Control field: U, func=UI (0x03)
000. 00.. = Command: Unnumbered Information (0x00)
.... ..11 = Frame type: Unnumbered frame (0x03)
Organization Code: Cisco (0x00000c)
PID: CDP (0x2000)

Regards..
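The post shows what a CDP frame discloses once tcpdump or tshark has filtered it out of the capture. The following added example (not from the post) does the same two filter checks in code, the 01:00:0c:cc:cc:cc destination and the SNAP PID at ether[20:2] == 0x2000, then walks the CDP TLVs to list the fields an inventory or detection script would record; the sample frame is constructed here with values taken from the tcpdump output above.

```python
# Added example: build a CDPv2 frame from constructed values, then parse it the
# way the tcpdump/tshark filters in the post select it. Not the post's own code.
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")   # "ether host 01:00:0c:cc:cc:cc"
CAPS = {0x01: "Router", 0x02: "Transparent Bridge", 0x04: "Source Route Bridge",
        0x08: "Switch", 0x10: "Host", 0x20: "IGMP capable", 0x40: "Repeater"}
TLV_NAMES = {0x01: "Device-ID", 0x02: "Address", 0x03: "Port-ID",
             0x04: "Capability", 0x05: "Version String", 0x06: "Platform",
             0x09: "VTP Management Domain", 0x0a: "Native VLAN"}

def tlv(t, payload):
    """One CDP TLV: type, total length (4-byte header included), value."""
    return struct.pack("!HH", t, 4 + len(payload)) + payload

def build_frame(device_id, ip, port, caps, platform, vtp, vlan):
    """Constructed sample: 802.3 Ethernet + LLC/SNAP + CDPv2 (checksum left 0)."""
    addr = struct.pack("!I", 1) + b"\x01\x01\xcc" + struct.pack("!H", 4) + bytes(int(o) for o in ip.split("."))
    cdp = bytes([2, 180]) + b"\x00\x00"   # version 2, TTL 180 s, checksum not computed here
    cdp += tlv(0x01, device_id) + tlv(0x02, addr) + tlv(0x03, port) + tlv(0x04, struct.pack("!I", caps))
    cdp += tlv(0x06, platform) + tlv(0x09, vtp) + tlv(0x0a, struct.pack("!H", vlan))
    llc_snap = b"\xaa\xaa\x03" + b"\x00\x00\x0c" + b"\x20\x00"   # SNAP, Cisco OUI, PID 0x2000
    return CDP_MAC + bytes.fromhex("001b5340173e") + struct.pack("!H", len(llc_snap) + len(cdp)) + llc_snap + cdp

def parse_cdp(frame):
    """Apply both filters from the post, then walk the TLVs. Returns a dict, or None if not CDP."""
    if frame[:6] != CDP_MAC or frame[20:22] != b"\x20\x00":   # ether[20:2] == 0x2000
        return None
    cdp = frame[22:]
    out = {"version": cdp[0], "ttl": cdp[1]}
    off = 4
    while off + 4 <= len(cdp):
        t, ln = struct.unpack("!HH", cdp[off:off + 4])
        if ln < 4 or off + ln > len(cdp):
            break                                   # malformed/truncated TLV: stop, keep what was parsed
        val = cdp[off + 4:off + ln]
        name = TLV_NAMES.get(t, "TLV 0x%04x" % t)
        if t == 0x04:
            bits = struct.unpack("!I", val)[0]      # same bit names tshark prints
            out[name] = [n for b, n in CAPS.items() if bits & b]
        elif t == 0x02:
            out[name] = ".".join(str(b) for b in val[-4:])   # last 4 bytes: the single IPv4 address
        elif t == 0x0a:
            out[name] = struct.unpack("!H", val)[0]
        else:
            out[name] = val.decode("ascii", "replace")
        off += ln
    return out
```

Feeding a real capture through parse_cdp shows exactly which hostnames, addresses, IOS strings and VTP domains the switch is announcing on a segment, which is the inventory a defender wants before deciding where CDP can be disabled.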