Comments (11)
"I changed the code". Is LDWin source code available anywhere?
from ldwin.
https://github.com/chall32/LDWin ?
from ldwin.
oh wait... this is in autoit... I was looking for .c files ;)
from ldwin.
OK, so looks like 2 issues here:
- AV wrongly picking LDWin.exe up as a false positive; indeed it looks like 3 out of 43 vendors are wrongly identifying LDWin as malicious: https://www.metascan-online.com/#!/results/file/1dadd140ccbb4ca4870075131ea7166c/regular
  I'll follow this up.
- Only switch IP returned. Looking at the LLDP RFC (http://standards.ieee.org/getieee802/download/802.1AB-2009.pdf):
  port id and chassis id are listed as mandatory TLVs so should be the same across all devices.... Would it be possible to let me have a (sanitised if you prefer) tcpdump output as discussed here: https://github.com/chall32/LDWin/wiki/What-To-Do-If-LDWin-Captures-No-Data
To return port ID into the GUI, LDWin is looking for the text "Port Description TLV (4)" in the output of tcpdump. I'm wondering if there is some difference in the return from the Netgear switch which is causing LDWin not to pick up the correct info...
Thanks
Chris
from ldwin.
Chris
That was the (text) output from the tcpdump command – are you actually looking for the binary dump? I can capture that with wireshark
I am just about to go out: I will return this in a few hours I expect
Jonathan
from ldwin.
Hey Jonathan,
No problem. The full output from a LLDP packet capture, something like (as found on the internet):
09:15:04.185692 LLDP, length 151
Chassis ID TLV (1), length 7
Subtype MAC address (4): 00:15:60:85:74:12 (oui Unknown)
Port ID TLV (2), length 4
Subtype Local (7): 185
Time to Live TLV (3), length 2: TTL 120s
Port Description TLV (4), length 3: H17
System Name TLV (5), length 11: Switch_System_Name
System Description TLV (6), length 90
HP J4865A ProCurve Switch 4108GL, revision G.07.93, ROM G.05.02
(/sw/code/build/gamo(m03))
System Capabilities TLV (7), length 4
System Capabilities [Bridge, Router] (0x0014)
Enabled Capabilities [Bridge] (0x0004)
Management Address TLV (8), length 12
Management Address length 5, AFI IPv4 (1): switch_hostname.net
Interface Index Interface Numbering (2): 0
End TLV (0), length 0
Would be good.
Thanks
Chris
from ldwin.
I thought I attached one to the original comment in the Issue: But here it is. The line numbers are my own.
12:21:24.443497 LLDP, length 46
Chassis ID TLV (1), length 7
Subtype MAC address (4): 2c:b0:5d:a1:ac:fd
Port ID TLV (2), length 3
Subtype Local (7): g1
Time to Live TLV (3), length 2: TTL 120s
Management Address TLV (8), length 20
Management Address length 5, AFI IPv4 (1): 192.168.1.253
Interface Index Interface Numbering (2): 13
OID length 8broadcom
End TLV (0), length 0
It may be that the Netgear ProSafe switch isn’t that compliant with a standard. I have to admit the only thing I really want out of it was the Port ID which tells me where I am connected to (in this case g1)
from ldwin.
Hi Chris.
Just a quick comment.
I did a bit of reading about LLDP. Afaict the only mandatory fields are port ID, chassis ID and time to live. You don't /have/ to send the textual descriptions?
What about displaying the description if you have it, otherwise the raw ID?
Jonathan
from ldwin.
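The fallback suggested in the comment above, sketched as an added example in Python; it is not part of the thread and is not LDWin's own AutoIt code. It parses the tcpdump text shown in this thread and prefers the optional TLVs, falling back to the mandatory ones. The function names and the System Name to Chassis ID fallback are assumptions made for illustration.

```python
import re

# tcpdump -v TLV header; the value may follow inline after ": ".
TLV_RE = re.compile(r"^\s*.+? TLV \((\d+)\), length \d+(?:: (.*))?$")
# Detail line under Chassis ID / Port ID, e.g. "Subtype Local (7): g1".
SUBTYPE_RE = re.compile(r"^\s*Subtype .+? \(\d+\): (\S+)")

def parse_tlvs(text):
    """Map TLV type number -> value string for one tcpdump LLDP record."""
    tlvs, current = {}, None
    for line in text.splitlines():
        header = TLV_RE.match(line)
        if header:
            current = int(header.group(1))
            tlvs[current] = (header.group(2) or "").strip()
            continue
        sub = SUBTYPE_RE.match(line)
        if sub and current in (1, 2) and not tlvs[current]:
            tlvs[current] = sub.group(1)
    return tlvs

def port_label(tlvs):
    """Prefer optional Port Description (4); fall back to mandatory Port ID (2)."""
    return tlvs.get(4) or tlvs.get(2) or "unknown"

def switch_label(tlvs):
    """Prefer optional System Name (5); fall back to mandatory Chassis ID (1)."""
    return tlvs.get(5) or tlvs.get(1) or "unknown"

# Netgear capture from this thread, abridged: no Port Description or System Name.
NETGEAR = """12:21:24.443497 LLDP, length 46
Chassis ID TLV (1), length 7
Subtype MAC address (4): 2c:b0:5d:a1:ac:fd
Port ID TLV (2), length 3
Subtype Local (7): g1
Time to Live TLV (3), length 2: TTL 120s"""

# HP capture from this thread, abridged to the TLVs used here.
HP = """Chassis ID TLV (1), length 7
Subtype MAC address (4): 00:15:60:85:74:12 (oui Unknown)
Port ID TLV (2), length 4
Subtype Local (7): 185
Port Description TLV (4), length 3: H17
System Name TLV (5), length 11: Switch_System_Name"""

if __name__ == "__main__":
    for name, capture in (("Netgear", NETGEAR), ("HP", HP)):
        t = parse_tlvs(capture)
        print(name, "port:", port_label(t), "switch:", switch_label(t))
```

LLDP frames are unauthenticated, so a tool that displays or logs these values should treat them as untrusted input.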
Have a test of v2.2 👍
Release 2.2 - 28 Sept 2015
- Added support for LLDP "Chassis ID TLV (1)"
- Added support for LLDP "Port ID TLV (2)"
Yeah, probably should have supported them from the get go, but hey they are supported now!
Let me know how you get on
Chris
from ldwin.
That’s cool …. It identifies my port now! And the switch name … Brill, thanks.
Jonathan
from ldwin.
Excellent 😄 Issue closed
from ldwin.