The Laboratory of Computer Communication and Networking
Cisco Development Protocol

CDP1

Submitted by:

Michael Shmulyan skteddy@t2

Evgeny Kulikov stevgkul@t2

Ilya Raichman silyar@t2

What is CDP

CDP stands for Cisco Detection Protocol.

All Cisco devices support CDP because the protocol is implemented in IOS (the operating system used on Cisco hardware).

CDP works above layer 2, and thus can be used before IP is configured.

How CDP works

All Cisco devices periodically transmit CDP packets, which contain information about the device.

These packets advertise a time-to-live value in seconds, which indicates the length of time that the receiver can hold the packet before it must be discarded.

How CDP works (cont.)

CDP packets are sent with a nonzero time-to-live value after an interface is enabled, and with a time-to-live value of zero immediately before an interface is idled down. This provides for quick state discovery.

All Cisco devices receive CDP packets and cache the information in the packet. The cached information is available to network management.

How CDP works (cont.)

Cisco devices never forward a CDP packet, so the information gathered is only about devices with which we have layer two connectivity, and not all the devices in the network. If any information changes from the last received packet, the new information is cached and the older information is discarded even if its time-to-live value has not yet expired.

Our Final Goal

Our goal was to implement the CDP protocol for a PC running the Windows XP operating system.

We implemented a user-friendly view of the information collected from neighbor devices (such as real Cisco devices or other PCs).

Our Final Goal (cont.)

As well as reading CDP packets from the network, the product transmits CDP packets in one of the following modes:
• Real mode
• Simulation mode
• Silent mode

Our Final Goal (cont.)

Real mode – the real information about the PC.

Simulation mode – distributing information of nonexistent virtual devices.

Silent mode – sending nothing.

Our Final Goal (cont.)

In Real mode the information is taken directly from the operating system using a special-purpose API, without the involvement of the user.

In Simulation mode the user has the option to choose how his PC will appear to the other devices (as a router, for example) using a nice GUI. The user can store these configurations and load them as needed.

Modules Description

• Networking and connection
• DATABASE
• GUI

MODULES LAYOUT

Networking and connection

Receiver – implements a listener that is responsible for receiving, validating and analyzing CDP packets from the network and storing them in the DB.

Sender – is responsible for transmitting CDP packets from this PC. This information may represent true facts about the PC, or made-up information used to simulate other Cisco devices and test our own system under different conditions.

DATABASE

Stores all the information collected by the Receiver.

Our database is implemented as a delta queue in order to reduce the number of timers running in the system to one, instead of a timer for every device.

There is a special thread, internal to the database module, which is responsible for cleaning it of expired entries.

The database holds an internal mutex to protect the critical section of reading from / writing to it.
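A delta queue of the kind described above, as an added C++ example rather than the project's own database code; the NeighborCache class and its method names are hypothetical. It also applies the cache rules from the earlier slides: a new packet replaces the stored entry, and a time-to-live of zero removes it at once.

```cpp
#include <cstdint>
#include <cstdio>
#include <iterator>
#include <list>
#include <mutex>
#include <string>
#include <vector>

// Hypothetical neighbor cache kept as a delta queue: each entry stores the
// seconds left after the entry in front of it expires, so one timer is enough.
class NeighborCache {
    struct Entry { std::string id; uint32_t delta; };
    std::list<Entry> q_;
    mutable std::mutex m_;                       // guards every read and write of q_
    void remove_locked(const std::string& id) {
        for (auto it = q_.begin(); it != q_.end(); ++it) {
            if (it->id != id) continue;
            auto next = std::next(it);
            if (next != q_.end()) next->delta += it->delta;  // keep its absolute expiry
            q_.erase(it);
            return;
        }
    }
public:
    // New information replaces the old entry; ttl == 0 removes the neighbor at once.
    void update(const std::string& id, uint32_t ttl) {
        std::lock_guard<std::mutex> g(m_);
        remove_locked(id);
        if (ttl == 0) return;
        auto it = q_.begin();
        while (it != q_.end() && it->delta <= ttl) { ttl -= it->delta; ++it; }
        if (it != q_.end()) it->delta -= ttl;    // successor becomes relative to us
        q_.insert(it, Entry{id, ttl});
    }
    // Called by the single cleaner timer: advance time, return expired ids.
    std::vector<std::string> tick(uint32_t secs) {
        std::lock_guard<std::mutex> g(m_);
        std::vector<std::string> expired;
        while (!q_.empty() && q_.front().delta <= secs) {
            secs -= q_.front().delta;
            expired.push_back(q_.front().id);
            q_.pop_front();
        }
        if (!q_.empty()) q_.front().delta -= secs;
        return expired;
    }
    // Seconds until the timer must fire next (0 when the cache is empty).
    uint32_t next_timeout() const {
        std::lock_guard<std::mutex> g(m_);
        return q_.empty() ? 0 : q_.front().delta;
    }
    std::size_t size() const { std::lock_guard<std::mutex> g(m_); return q_.size(); }
};
int main() {
    NeighborCache c;                             // constructed sample neighbors
    c.update("R1", 180); c.update("SW2", 60); c.update("R3", 120);
    for (const auto& id : c.tick(60)) std::printf("expired: %s\n", id.c_str());
    std::printf("next timeout in %u s\n", unsigned(c.next_timeout()));
}
```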

GUI

The graphical user interface is a dialog-based MFC application.

Through the GUI the user can:
• check the current database state and/or his PC settings and save them to a file
• switch between modes (simulation, real or silent)
• set attributes for the simulated CDP packet (manually or loaded from a file)

THREADS

There are four main threads:
• READER
• PARSER
• PACKET-BUILDER
• WRITER

THREADS (cont.)

Reader-Parser thread pair:

The reader thread receives a CDP packet from the network and invokes the parser thread.

The reader thread filters traffic and verifies that the packet it passes to the parser has CDP's MAC header.

The parser thread analyzes the packet and stores the sending device info in the database, making it available for the GUI to display.

THREADS (cont.)

There may be more than one reader thread, one for every adapter that the computer has.

The reader thread listens on that adapter using the WINPCAP libraries and sends a message to the parser thread when a packet arrives.

There is only one parser thread, and it needs to do much more complex operations than the reader (such as parsing the raw buffer of bytes into a device info, validating the checksum, and inserting it into the database).
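The reader's MAC-header check and the parser's checksum and TLV handling described above, as an added C++ example that is not the CDP1 project's code. The CdpInfo struct, the function names and the sample frame are constructed for illustration, and the checksum is assumed to be the plain RFC 1071 Internet checksum (odd-length payloads from real devices may need different handling).

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

struct CdpInfo {
    uint8_t version = 0, ttl = 0;            // ttl: hold time in seconds
    std::map<uint16_t, std::string> tlvs;    // TLV type -> raw value bytes
};
static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }

// RFC 1071 checksum (assumed); a buffer with a correct checksum field sums to 0.
uint16_t inet_checksum(const uint8_t* p, size_t n) {
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2) sum += be16(p);
    if (n) sum += uint32_t(p[0]) << 8;       // plain zero padding for odd lengths
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return uint16_t(~sum);
}

// Fills `out` and returns true only for a well-formed CDP frame.
bool parse_cdp_frame(const std::vector<uint8_t>& f, CdpInfo& out) {
    static const uint8_t kDst[6]  = {0x01, 0x00, 0x0C, 0xCC, 0xCC, 0xCC};
    static const uint8_t kSnap[8] = {0xAA, 0xAA, 0x03, 0x00, 0x00, 0x0C, 0x20, 0x00};
    if (f.size() < 26) return false;                     // 14 + 8 + 4-byte CDP header
    if (!std::equal(kDst, kDst + 6, f.begin())) return false;
    if (!std::equal(kSnap, kSnap + 8, f.begin() + 14)) return false;
    size_t len = be16(&f[12]);                           // 802.3 length: SNAP + CDP
    if (len < 12 || 14 + len > f.size()) return false;
    const uint8_t* p = &f[22];
    size_t n = len - 8;                                  // CDP bytes, padding excluded
    if (inet_checksum(p, n) != 0) return false;
    CdpInfo info;
    info.version = p[0]; info.ttl = p[1];
    for (size_t off = 4; off < n;) {
        if (n - off < 4) return false;                   // truncated TLV header
        uint16_t type = be16(p + off); size_t tl = be16(p + off + 2);
        if (tl < 4 || tl > n - off) return false;        // length includes its header
        info.tlvs[type].assign(reinterpret_cast<const char*>(p + off + 4), tl - 4);
        off += tl;
    }
    out = info;
    return true;
}

// Constructed sample: TTL 180, Device ID (type 1) "R1", Port ID (type 3) "e0".
std::vector<uint8_t> sample_frame() {
    return {0x01,0x00,0x0C,0xCC,0xCC,0xCC, 0x00,0x00,0x5E,0x00,0x53,0x01, 0x00,0x18,
            0xAA,0xAA,0x03,0x00,0x00,0x0C,0x20,0x00, 0x02,0xB4,0x45,0xDA,
            0x00,0x01,0x00,0x06,0x52,0x31, 0x00,0x03,0x00,0x06,0x65,0x30};
}

int main() {
    CdpInfo d;
    bool ok = parse_cdp_frame(sample_frame(), d);
    std::printf("%s\n", ok ? d.tlvs[1].c_str() : "rejected");
}
```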

THREADS (cont.)

Packet builder - Writer thread pair:

The packet builder thread is responsible for creating CDP packets at the required interval and invoking the writer thread, which sends the packet on the Ethernet with an appropriate MAC address attached.

The writer is not intelligent: it receives a buffer of bytes and is responsible for sending it to the network (without even knowing what it was).

THREADS (cont.)

On the other side, the packet builder thread creates a valid CDP packet out of the information about the device stored in the system (cdevice class).

Once in a predefined interval of time the packet builder builds the packet and invokes the writer thread to send it.

In order to prevent the writer's message queue from overflowing, the writer's priority is higher than the priority of the packet builder.

THREADS (cont.)

There can be no deadlock in our system (so no other mechanisms of synchronization are needed), because in each pair of threads there is a master thread that gives orders to the slave thread.

INTERNAL INFO REPRESENTATION

CDP packets are binary, with variable field length, which makes them harder to create and parse.

We want to store the information internally in a more accessible way, making it easier to display and modify field info; however, this way is not that economical in space.

INTERNAL INFO REPRESENTATION (cont.)

Our way to do this is the CiscoDevice class, which holds complete information about one device and provides the functionality needed for a device, such as:

• building it from a CDP packet
• extracting a CDP packet from a device
• saving and loading device information to / from disk
• selectively changing / adding / modifying fields
• checking what fields (TLV) are present in a device
• validating the checksum of a packet

Modes Of Operation

There are three main modes of operation in our system:
• Silent Mode – nothing at all is being sent
• Real Mode – the real information about the PC is distributed
• Simulation Mode – the user can configure a simulated device, and other devices on a network will not see the PC but a simulated device.

Modes Of Operation (cont.)

Real mode is the default mode, but the user can switch between modes.

Simulation mode is limited in time by the Simulated Period setting. When entering the mode, the user specifies for how long (in seconds) he wants to simulate.

When the simulation period is over, the system automatically switches back to Real mode and notifies the user.

DIAGNOSTICS AND LOGGING

For diagnostic purposes, our application maintains statistics of valid packets versus broken packets that were received.

If more detailed information is needed about the events in the network, the user may watch the log file, automatically created by our application.

Any packet, either valid or broken, is recorded in the log together with the time it was received and the MAC address of the sender.

Our application simply appends all the info to the log file, marking the beginning of a new session (activation of the application).

WinPCap Usage

To perform the actual distribution and sniffing of CDP packets (Level 2) we used the WinPCap package.

The user is requested to install the package before using the application.

All the interaction with WinPCap while running the application is hidden from the user.

If multiple adapters are configured on the PC, CDP packets are distributed on and collected from every adapter.

THE END

That’s all!

Hope you enjoy it!!

For more detailed information about the project see the FINAL REPORT!

Now it’s time to run CDP1!!!