lunar (1) cdp.1.gz

Provided by: irpas_0.10-9_amd64 bug

NAME

       cdp - cdp packet generator

SYNOPSIS

       cdp -i <interface> [-v -n x -l x -c c -r] [-D <string> -P <string> -L <string> -S <string>
       -F <ip address> -C <capabilities>]

DESCRIPTION

       This manual page documents briefly the cdp command.  This manual page was written for  the
       Debian distribution because the original program does not have a manual page.

       CDP  is  a  layer 2 protocol used by Cisco routers to discover each other on the same link
       (segment). This protocol is not routed and therefore this tool is just useful in the local
       segment.

       CDP  messages contain information about the sending Cisco router. These include the device
       ID (hostname), port ID (which port was the sender), the platform running on, the  software
       incl.  version,  what  the  box  is  capable of and which network address (IP address) the
       interface has. If not configured otherwise, Cisco routers send these messages out every 30
       seconds.   In   our   case   (ethernet),   they   are   send  to  a  special  MAC  address
       (01:00:0C:CC:CC:CC) and therefore are  received  from  every  Cisco  router  in  the  same
       segment.  Other  routers store the data and hold it for a time defined in the message (the
       tool uses the maximum of 255 seconds).

       Very interesting is, that Cisco IOS uses the device ID as key to find out if the  received
       message  is  an  update  and  the neighbor is already known or not. If the device ID is to
       long, this test seems to fail and you constantly fill up the routers memory.

       The CDP tool can be used in two different modi:

       The flood mode is used to send garbage CDP messages  to  the  wire,  which  has  different
       effects  to  the routers depending on their IOS version. It is not tested very well, which
       version of IOS reacts in which way on which kind of Cisco hardware. So if you come  across
       something,  please  report it. IOS 11.1(1) was tested and the router could match even long
       device id´s but rebooted after receiving three or four random device id names. Most  other
       IOS  versions  just  store  the  message and fill up the memory. When you try to debug CDP
       events, all IOS we tested crashed and reboot.

       To use CDP, you have to specify the ethernet interface you will be working on: -i eth0

       Everything else is optional.

       -v     verbose

       -n x   send x packets

       -l x   length of the device id string. Keep in mind, that the
              whole ethernet frame has to be smaller the 1514 bytes.
              The maximum length is therefore 1480 for the device id
              (default is 1400)

       -c c   fills the device id with the char 'c' (default is 'A')

       -r     makes the device id a random string of characters, which
              leads to no matching on the receiver Cisco and to memory fillup
              or crash

       Example:

         cdp -i eth0 -n 10000 -l 1480 -r

       Hint: if you want to flood the  routers  completely,  start  two  processes  of  cdp  with
       different  sizes. One of them running on full size (1480) to fill up the major part of the
       memory and another to fill up the rest with a length of 10 octets.

       The second mode for CDP is spoofing. You can enable this mode with the command line option
       -m  1.  It  has  no  actuall  use  for  attacking router and is mostly targeted fro social
       engineering or just to confuse the local administrator. It is used to send out 100%  valid
       CDP  information  packets  which look like generated by other Cisco routers. Here, you can
       specify any part of a CDP message yourself.

       -i <interface> ethernet interface

       -v                     verbose

       -D <string>            device id string

       -P <string>            port id string

       -L <string>            platform string

       -S <string>            software string

       -F <ip address>        ip address of the interface

       -C <capabilities>      the capabilities of the device you are claiming to be:
                     R - Router, T - Trans Bridge, B - Source Route Bridge,
                     S - Switch, H - Host, I - IGMP, r - Repeater
                     Combine the letters to a string: RI means Router and IGMP

       Example:

         cdp -v -i eth0 -m 1 -D 'Linuxfirewall' -P 'Ethernet0' -C R -L 'Intel' -S "`uname -a`" \
             -F '10.1.1.1'

       Which results on the cisco router in the following information:

       cisco#sh cdp neig detail

       -------------------------

       Device ID: Linuxfirewall

       Entry address(es):

       IP address: 10.1.1.1

       Platform: Intel,  Capabilities: Router

       Interface: Ethernet0,  Port ID (outgoing port): Ethernet0

       Holdtime : 238 sec

       Version :

       Linux vince 2.4.18-686 #1 Sun Apr 14 11:32:47 EST 2002 i686 unknown unknown GNU/Linux

AUTHOR

       This manual page was written by Vince Mulhollon <vlm@debian.org>, for the Debian GNU/Linux
       system (but may be used by others).

                                         January 1, 2003                                   CDP(1)