Showing posts with label LLDP. Show all posts

Wednesday, April 20, 2022

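[Golang] A simple example of using gopacket to parse LLDP packet contents

At work I needed to inspect any LLDP packets received on a host, so I searched online for information and sample code and put together the simple example below.

This program finds all the net devices (interfaces) on the local machine and captures packets on each in turn; whenever it finds an LLDP packet, it prints the relevant information to the console.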

Tuesday, June 5, 2012

[How to] Troubleshoot LLDP settings on a switch

Assume a simple topology like this:
                              +------------------+
                      Switch  |  172.17.255.254  |
                              +-----+------------+
              +-----------------+   |
      Switch  |   172.17.4.1    |<--+
              +----------+------+
 +--------------+        |
 | Your Server: |        |
 | 172.17.2.200 |<-------+
 +--------------+

A. Make sure the two switches can ping each other
  1. telnet 172.17.255.254
  2. ping 172.17.4.1
B. Make sure that every port has "management address" checked.

C. Use snmpwalk to check that 172.17.255.254 has the remote IP address 172.17.4.1
  • e.g.: snmpwalk -c public -v2c 172.17.255.254 1.0.8802.1.1.2.1.4.2.1.3
  • If we cannot see the result as follows, it means that the LLDP configuration on switch 172.17.255.254 is wrong.
         Result: iso.0.8802.1.1.2.1.4.2.1.3.0.4.55.1.4.172.17.4.1 = INTEGER: 2

D. Use snmpwalk to check that 172.17.4.1 has the remote IP address 172.17.255.254
  • e.g.: snmpwalk -c public -v2c 172.17.4.1 1.0.8802.1.1.2.1.4.2.1.3
  • If we cannot see the result as follows, it means that the LLDP configuration on switch 172.17.4.1 is wrong.

Monday, April 23, 2012

[How to] Use tcpdump to look at LLDP packets

Here is an example of how to use the tcpdump tool to look at LLDP information:

> sudo tcpdump -c 1 -lv -v -i eth0 -a -e -s 1514 ether proto 0x88cc

The result:
tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 1514 bytes
13:30:46.426056 08:00:27:09:61:e9 (oui Unknown) > 01:80:c2:00:00:0e (oui Unknown), ethertype LLDP (0x88cc), length 156: LLDP, length 142
    Chassis ID TLV (1), length 7
      Subtype MAC address (4): 08:00:27:09:61:e9 (oui Unknown)
      0x0000:  0408 0027 0961 e9
    Port ID TLV (2), length 7
      Subtype MAC address (3): 08:00:27:09:61:e9 (oui Unknown)
      0x0000:  0308 0027 0961 e9
    Time to Live TLV (3), length 2: TTL 120s
      0x0000:  0078
    System Name TLV (5), length 15: Ubuntu-Devstack
      0x0000:  5562 756e 7475 2d44 6576 7374 6163 6b
    System Description TLV (6), length 43
      Ubuntu 11.10\0x0a Linux 3.0.0-14-generic x86_64
      0x0000:  5562 756e 7475 2031 312e 3130 0a20 4c69
      0x0010:  6e75 7820 332e 302e 302d 3134 2d67 656e
      0x0020:  6572 6963 2078 3836 5f36 34
    System Capabilities TLV (7), length 4
      System  Capabilities [Bridge, WLAN AP, Router] (0x001c)
      Enabled Capabilities [Bridge, Router] (0x0014)
      0x0000:  001c 0014
    Management Address TLV (8), length 12
      Management Address length 5, AFI IPv4 (1): Ubuntu-Devstack.local
      Interface Index Interface Numbering (2): 5
      0x0000:  0501 c0a8 7a01 0200 0000 0500
    Port Description TLV (4), length 4: eth4
      0x0000:  6574 6834
    Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f)
      Link aggregation Subtype (3)
        aggregation status [supported], aggregation port ID 0
      0x0000:  0012 0f03 0100 0000 00
    Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f)
      MAC/PHY configuration/status Subtype (1)
        autonegotiation [supported, enabled] (0x03)
        PMD autoneg capability [10BASE-T hdx, 10BASE-T fdx, 100BASE-TX hdx, 100BASE-TX fdx, 1000BASE-T fdx] (0x6c01)
        MAU type 1000BASET fdx (0x001e)
      0x0000:  0012 0f01 036c 0100 1e
    Organization specific TLV (127), length 6: OUI IEEE 802.3 Private (0x00120f)
      Max frame size Subtype (4)
        MTU size 0
      0x0000:  0012 0f04 0000
    End TLV (0), length 0
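
The TLV structure that tcpdump decodes above, as an added Go example (not code from the original post): each LLDP TLV starts with a 16-bit header holding a 7-bit type and a 9-bit length, and the parser rejects a length field that runs past the end of the frame. `TLV`, `ParseLLDP` and `SamplePDU` are names chosen for this example; the sample bytes are constructed from the value hex dumps in the output, with the TLV headers added.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

type TLV struct {
	Type  uint8
	Value []byte
}

// ParseLLDP walks an LLDPDU (the bytes after the 0x88cc EtherType).
// Each TLV starts with a 16-bit header: 7-bit type, 9-bit length.
func ParseLLDP(pdu []byte) ([]TLV, error) {
	var out []TLV
	for len(pdu) >= 2 {
		hdr := binary.BigEndian.Uint16(pdu)
		typ, n := uint8(hdr>>9), int(hdr&0x01ff)
		pdu = pdu[2:]
		if n > len(pdu) { // length field claims more than the frame holds
			return out, errors.New("truncated TLV")
		}
		if typ == 0 { // End of LLDPDU
			return out, nil
		}
		out = append(out, TLV{typ, pdu[:n]})
		pdu = pdu[n:]
	}
	return out, errors.New("missing End TLV")
}

// SamplePDU is constructed from value bytes in the tcpdump output above, headers added.
func SamplePDU() []byte {
	b := []byte{0x02, 0x07, 0x04, 0x08, 0x00, 0x27, 0x09, 0x61, 0xe9}   // Chassis ID (1), MAC
	b = append(b, 0x04, 0x07, 0x03, 0x08, 0x00, 0x27, 0x09, 0x61, 0xe9) // Port ID (2), MAC
	b = append(b, 0x06, 0x02, 0x00, 0x78)                               // TTL (3), 120s
	b = append(append(b, 0x0a, 0x0f), "Ubuntu-Devstack"...)             // System Name (5)
	return append(b, 0x00, 0x00)                                        // End TLV (0)
}

func main() {
	tlvs, err := ParseLLDP(SamplePDU())
	for _, t := range tlvs {
		fmt.Printf("type=%d len=%d value=% x\n", t.Type, len(t.Value), t.Value)
	}
	fmt.Println("err:", err)
}
```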



The following is the argument list for reference:
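 -a    Convert network addresses and broadcast addresses to names
 -d    Print the compiled packet-matching code in a human-readable assembly format
 -dd    Print the packet-matching code as a C program fragment
 -ddd   Print the packet-matching code as decimal numbers
 -e    Print the link-layer header on each output line
 -f    Print external Internet addresses numerically
 -l    Make standard output line buffered ( line buffered mode )
 -n    Do not convert network addresses to names
 -t    Do not print a timestamp on each output line
 -v    Print slightly more verbose output; for example, the TTL and type-of-service information of an IP packet
 -vv    Print detailed packet information
 -c    Stop after receiving the specified number of packets
 -F    Read the filter expression from the specified file and ignore any other expressions
 -i    Specify the network interface to listen on
 -r    Read packets from the specified file (such files are usually created with the -w option)
 -w    Write packets directly to a file without parsing or printing them
 -T    Interpret the captured packets as the specified type; common types are rpc (Remote Procedure Call) and snmp (Simple Network Management Protocol)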