The CDP protocol:
The Cisco Discovery Protocol (CDP) is a proprietary layer 2 network protocol developed by Cisco Systems.
It runs on Cisco devices and on some HP equipment.
It is useful for two reasons:
- Getting information about the directly connected CDP devices such as the operating system version and IP address.
- Checking that the OSI layer 2 connectivity is okay in case of IP (OSI layer 3) connectivity problems.
The CDP announcements are sent to the multicast destination address 01-00-0c-cc-cc-cc.
CDP on Linux:
Linux does not natively support the CDP protocol, so we have to use a tool called “cdp-tools” to activate it.
Enabling CDP on Linux systems can be interesting on routers like Quagga and Vyatta in a Cisco environment.
Download CDP-tools in the /root directory.
If you want to download “cdp-tools” directly from the Linux CLI, proceed as follows:
| #wget http://gpl.internetconnection.net/files/cdp-tools.tar.gz |
Extract “cdp-tools”:
| #tar -xzvf cdp-tools.tar.gz |
This will create the “cdp-tools” directory.
Download and install the “build-essential” meta-package containing the tools to compile programs.
| #apt-get install build-essential |
Download and install libnet0-dev:
Libnet0 is a generic networking API that provides access to several protocols.
| #apt-get install libnet0-dev |
The libpcap library (in our example libpcap0.8-dev) is installed at the same time.
Compile “cdp-tools”:
| #make |
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-listen.o cdp-listen.c
cc cdp-listen.o /usr/lib/libpcap.so -o cdp-listen
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-send.o cdp-send.c
cdp-send.c:70: warning: ‘packed’ attribute ignored for field of type ‘unsigned char[6]‘
cdp-send.c:71: warning: ‘packed’ attribute ignored for field of type ‘unsigned char[6]‘
cdp-send.c:74: warning: ‘packed’ attribute ignored for field of type ‘u_int8_t’
cdp-send.c:75: warning: ‘packed’ attribute ignored for field of type ‘u_int8_t’
cdp-send.c:77: warning: ‘packed’ attribute ignored for field of type ‘u_int8_t’
cdp-send.c:78: warning: ‘packed’ attribute ignored for field of type ‘u_int8_t[3]‘
cc cdp-send.o /usr/lib/libnet.so -o cdp-send
If everything goes as planned, you should have two new files called “cdp-send” and “cdp-listen”, which are used to send and receive CDP traffic respectively.
1. cdp-send
Launch cdp-send
cdp-send is used to send CDP traffic to directly connected devices.
Let’s launch cdp-send with the minimal setting:
Syntax: cdp-send [options] interfaces... &
| /root/cdp-tools/cdp-send eth0 |
“eth0” is the interface through which we are sending CDP traffic.
“/root/cdp-tools/cdp-send eth1 eth2” would send CDP traffic through the eth1 and eth2 interfaces.
Check how a directly connected Cisco device sees our Linux machine:
| Cisco_device>show cdp neighbors |
| Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge |
| S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone |
| Device ID | Local Intrfce | Holdtme | Capability | Platform | Port ID |
| ubuntu | Fas 1/0/5 | 176 | H | i686 | eth0 |
The Linux system is seen as a layer 3 host “H”, on interface “eth0”, with a hostname “ubuntu” and a platform “i686”.
| Cisco_device>show cdp neighbors detail |
| Device ID: ubuntu |
| Entry address(es): |
| IP address: 10.1.1.1 |
| Platform: i686, Capabilities: Host |
| Interface: FastEthernet1/0/5, Port ID (outgoing port): eth0 |
| Holdtime : 120 sec |
| Version : |
| advertisement version: 2 |
Configure “cdp-tools” to start automatically on startup:
| #crontab -u root -e |
| @reboot /root/cdp-tools/cdp-send eth0 |
cdp-send advanced settings:
To see the advanced settings:
| #/root/cdp-tools/cdp-send |
| Usage: cdp-send [options] interfaces... & |
| -a addr | use specified address instead of that on interface |
| -c caps | enable capabilities (try -c list) |
| -d | enable debugging output |
| -D dom | specify VTP management domain (octal escapes ok) |
| -L vlan | specify native VLAN (vlanid) |
| -V vlan | specify voice VLAN (voiceid) |
| -m mach | specify machine/platform to advertise (e.g. "i686") |
| -n name | specify a hostname |
| -p name | override port name (default: interface) |
| -P duplex | specify port duplex (full/half) |
| -o | enable oneshot mode |
| -s vers | specify software/version to advertise (e.g. "Linux 2.6.22-10-generic") |
| -S subnet | specify ip prefix/subnet (need for routers, etc) |
| -t secs | set wait-time (default: 60 seconds) |
Let’s see an example, where our test ubuntu machine pretends to be a Cisco device.
| #/root/cdp-tools/cdp-send eth0 -n "7206 Core" -m 7206VXR -p "Fas 0/0" -P half -c l3r -s 7206VXR -a 10.1.1.1 -V 123 -s "Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill" |
Check how the directly connected Cisco device sees our Linux machine:
| Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge |
| S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone |
| Device ID | Local Intrfce | Holdtme | Capability | Platform | Port ID |
| 7206 Core | Fas 1/0/5 | 176 | R | 7206VXR | Fas 0/0 |
The Linux system is seen as a layer 3 router “R”, on interface “Fas 0/0”, with a hostname “7206 Core” and a platform “7206VXR”.
| Cisco_device>show cdp neighbors detail |
| Device ID: 7206 Core |
| Entry address(es): |
| IP address: 10.1.1.1 |
| Platform: 7206VXR, Capabilities: Router |
| Interface: FastEthernet1/0/5, Port ID (outgoing port): Fas 0/0 |
| Holdtime : 164 sec |
| Version : |
| Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill |
| advertisement version: 2 |
| Management address(es): |
cdp-send packet analysis:
The debugging (-d) option shows the CDP Ethernet frame.
| #/root/cdp-tools/cdp-send eth0 -d -n "7206 Core" -m 7206VXR -p "Fas 0/0" -P half -c l3r -s 7206VXR -a 10.1.1.1 -V 123 -s "Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill" |
| Sent over: eth0, total length: 306 |
| 0000 01 00 0c cc cc cc 00 1c 23 11 22 33 01 24 aa aa | ........#....$.. |
| 0001 03 00 00 0c 20 00 02 b4 d4 3d 00 01 00 0d 37 32 | .... ....=....72 |
| 0002 30 36 20 43 6f 72 65 00 02 00 11 00 00 00 01 01 | 06 Core......... |
| 0003 01 cc 00 04 0a 01 01 01 00 03 00 0b 46 61 73 20 | ............Fas |
| 0004 30 2f 30 00 04 00 08 00 00 00 01 00 05 00 d7 43 | 0/0............C |
| 0005 69 73 63 6f 20 49 6e 74 65 72 6e 65 74 77 6f 72 | isco Internetwor |
| 0006 6b 20 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 | k Operating Syst |
| 0007 65 6d 20 53 6f 66 74 77 61 72 65 20 53 20 28 74 | em Software S (t |
| 0008 6d 29 20 37 32 30 30 20 53 6f 66 74 77 61 72 65 | m) 7200 Software |
| 0009 20 28 43 37 32 30 30 2d 49 4b 39 53 2d 4d 29 2c | (C7200-IK9S-M), |
| 000a 20 56 65 72 73 69 6f 6e 20 31 32 2e 32 28 32 33 | Version 12.2(23 |
| 000b 61 29 2c 20 52 45 4c 45 41 53 45 20 53 4f 46 54 | a), RELEASE SOFT |
| 000c 57 41 52 45 20 28 66 63 32 29 20 43 6f 70 79 72 | WARE (fc2) Copyr |
| 000d 69 67 68 74 20 28 63 29 20 31 39 38 36 2d 32 30 | ight (c) 1986-20 |
| 000e 30 34 20 62 79 20 63 69 73 63 6f 20 53 79 73 74 | 04 by cisco Syst |
| 000f 65 6d 73 2c 20 49 6e 63 2e 20 43 6f 6d 70 69 6c | ems, Inc. Compil |
| 0010 65 64 20 54 75 65 20 33 30 2d 4d 61 72 2d 30 34 | ed Tue 30-Mar-04 |
| 0011 20 31 32 3a 32 36 20 62 79 20 6b 65 6c 6c 6d 69 | 12:26 by kellmi |
| 0012 6c 6c 00 06 00 0b 37 32 30 36 56 58 52 00 0b 00 | ll....7206VXR... |
| 0013 05 00 | ... |
The same Ethernet frame analyzed with tshark, the command-line version of Wireshark:
| Frame 4 (306 bytes on wire, 306 bytes captured) |
| Arrival Time: Nov 11, 2007 14:37:11.128038000 |
| [Time delta from previous captured frame: 0.614262000 seconds] |
| [Time delta from previous displayed frame: 0.614262000 seconds] |
| [Time since reference or first frame: 1194615431.128038000 seconds] |
| Frame Number: 4 |
| Frame Length: 306 bytes |
| Capture Length: 306 bytes |
| [Frame is marked: False] |
| [Protocols in frame: eth:llc:cdp:data] |
| IEEE 802.3 Ethernet |
| Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc) |
| Address: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc) |
| .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
| Source: Dell_11:22:33 (00:1c:23:11:22:33) |
| Address: Dell_11:22:33 (00:1c:23:11:22:33) |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
| Length: 292 |
| Logical-Link Control |
| DSAP: SNAP (0xaa) |
| IG Bit: Individual |
| SSAP: SNAP (0xaa) |
| CR Bit: Command |
| Control field: U, func=UI (0x03) |
| 000. 00.. = Command: Unnumbered Information (0x00) |
| .... ..11 = Frame type: Unnumbered frame (0x03) |
| Organization Code: Cisco (0x00000c) |
| PID: CDP (0x2000) |
| Cisco Discovery Protocol |
| Version: 2 |
| TTL: 180 seconds |
| Checksum: 0xd43d [correct] |
| [Good: True] |
| [Bad : False] |
| Device ID: 7206 Core |
| Type: Device ID (0x0001) |
| Length: 13 |
| Device ID: 7206 Core |
| Addresses |
| Type: Addresses (0x0002) |
| Length: 17 |
| Number of addresses: 1 |
| IP address: 10.1.1.1 |
| Protocol type: NLPID |
| Protocol length: 1 |
| Protocol: IP |
| Address length: 4 |
| IP address: 10.1.1.1 |
| Port ID: Fas 0/0 |
| Type: Port ID (0x0003) |
| Length: 11 |
| Sent through Interface: Fas 0/0 |
| Capabilities |
| Type: Capabilities (0x0004) |
| Length: 8 |
| Capabilities: 0x00000001 |
| .... .... .... .... .... .... .... ...1 = Is a Router |
| .... .... .... .... .... .... .... ..0. = Not a Transparent Bridge |
| .... .... .... .... .... .... .... .0.. = Not a Source Route Bridge |
| .... .... .... .... .... .... .... 0... = Not a Switch |
| .... .... .... .... .... .... ...0 .... = Not a Host |
| .... .... .... .... .... .... ..0. .... = Not IGMP capable |
| .... .... .... .... .... .... .0.. .... = Not a Repeater |
| Software Version |
| Type: Software version (0x0005) |
| Length: 215 |
| Software Version: Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill |
| Platform: 7206VXR |
| Type: Platform (0x0006) |
| Length: 11 |
| Platform: 7206VXR |
| Duplex: Half |
| Type: Duplex (0x000b) |
| Length: 5 |
| Duplex: Half |
The example above shows that CDP information cannot be taken at face value: a device can pretend to be another one by sending false CDP announcements, and this could be abused by dishonest people.
Furthermore, if a hacker copies your usual network device banner, you could mistake the Linux system for one of your Cisco devices and try to log into it with your credentials, which the hacker would then capture.
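A defender's view of the frame analyzed above, as an added example that is not part of the original page or of cdp-tools: the code rebuilds the 306-byte frame from the hex dump, parses its TLVs, and flags an announcement that carries a Cisco software banner while its source MAC is outside an allowlist. The names `page_frame`, `parse_cdp`, `spoof_findings` and `TRUSTED_OUIS` are hypothetical, and the allowlist content is an assumption to be replaced with your own inventory.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")           # CDP multicast destination
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC UI, SNAP OUI Cisco, PID CDP
TLV_NAMES = {1: "device_id", 3: "port_id", 5: "software", 6: "platform"}
TRUSTED_OUIS = {"00:00:0c"}  # assumption: OUIs of the real neighbours at this site

def tlv(kind, value):
    return struct.pack("!HH", kind, len(value) + 4) + value

def page_frame():
    """Rebuild the frame from the page's hex dump (checksum bytes copied, not checked)."""
    banner = ("Cisco Internetwork Operating System Software S (tm) 7200 Software "
              "(C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) "
              "1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill")
    cdp = (bytes.fromhex("02b4d43d") + tlv(1, b"7206 Core")
           + tlv(2, bytes.fromhex("000000010101cc00040a010101")) + tlv(3, b"Fas 0/0")
           + tlv(4, bytes.fromhex("00000001")) + tlv(5, banner.encode())
           + tlv(6, b"7206VXR") + tlv(0x0B, b"\x00"))
    payload = LLC_SNAP_CDP + cdp
    src = bytes.fromhex("001c23112233")
    return CDP_DST + src + struct.pack("!H", len(payload)) + payload

def parse_cdp(frame):
    """Return header fields and text TLVs; raise ValueError on a malformed frame."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != LLC_SNAP_CDP:
        raise ValueError("not a CDP frame")
    end = 14 + struct.unpack_from("!H", frame, 12)[0]  # 802.3 length ignores padding
    if end > len(frame):
        raise ValueError("truncated frame")
    info = {"src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
            "version": frame[22], "ttl": frame[23]}
    off = 26  # first TLV follows version, TTL and the 2-byte checksum
    while off + 4 <= end:
        kind, length = struct.unpack_from("!HH", frame, off)
        if length < 4 or off + length > end:
            raise ValueError(f"bad TLV length {length} at offset {off}")
        if kind in TLV_NAMES:
            info[TLV_NAMES[kind]] = frame[off + 4:off + length].decode("ascii", "replace")
        off += length
    return info

def spoof_findings(info):
    """Flag a Cisco software banner announced from a MAC outside the allowlist."""
    oui = info["src_mac"][:8]
    if "cisco" in info.get("software", "").lower() and oui not in TRUSTED_OUIS:
        return [f"{info.get('device_id')!r} claims Cisco software, source OUI {oui}"]
    return []
```

The source MAC is no more authenticated than the CDP fields, so treat a clean result as the absence of one signal rather than as proof of identity.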
2. cdp-listen
cdp-listen is used to receive CDP packets.
Let’s see how our test Linux sees the Cisco device directly connected to its eth0 interface.
| #/root/cdp-tools/cdp-listen eth0 |
| # Interface: | eth0 |
| # Hostname: | Cisco-hall4.katesgantung.com |
| # Address: | 10.117.1.234 |
| # | |
| # TimeToLive: | 180 |
| # Capabilities: | L3R(router) L2SW(switch) IGRP |
| # | |
| # Networks: |
Configure “cdp-tools” to start automatically at startup:
| #crontab -u root -e |
| @reboot /root/cdp-tools/cdp-listen eth0 |

