{"id":328,"date":"2015-08-26T17:02:33","date_gmt":"2015-08-26T16:02:33","guid":{"rendered":"http:\/\/www.troliver.com\/?p=328"},"modified":"2015-11-04T14:59:37","modified_gmt":"2015-11-04T14:59:37","slug":"progress-update-network-mapping-tool-thing","status":"publish","type":"post","link":"https:\/\/www.troliver.com\/?p=328","title":{"rendered":"Progress update: network mapping tool thing"},"content":{"rendered":"<p>The last 6 months have become very busy, so\u00a0I decided to take a break from the breaking (and fixing) of our servers and get back to the program I&#8217;ve been working on to map\u00a0network information (for which I still have no real name).<\/p>\n<p>Progress had been going quite well; by around December last year, I had worked out:<\/p>\n<ul>\n<li>How to\u00a0identify and store system information (adapters, MAC address, IP address, hostname)<\/li>\n<li>How to import\u00a0configuration settings to determine which network adapter a capture should be opened for<\/li>\n<li>How to open a capture on a specific system adapter and capture one packet that is either LLDP or CDP<\/li>\n<li>Dissect the packet further and extract the VLAN and Switchport ID<\/li>\n<li>Upload all of this data as a string to a database and store it in a table<\/li>\n<li>Display all the table data<\/li>\n<\/ul>\n<p>Eventually, I figured I would try it out on our clients. 
I used a\u00a0<em>FOG<\/em>\u00a0snapin to push the program out to all the clients, and within 5 minutes, all PCs that were turned on had managed to deploy the snapin and upload their results to my database.<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results1.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-332\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results1.png\" alt=\"results1\" width=\"853\" height=\"602\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results1.png 853w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results1-300x212.png 300w\" sizes=\"(max-width: 853px) 100vw, 853px\" \/><\/a><\/p>\n<p>It was a great feeling &#8211; suddenly seeing a hodge-podge of a program that ran on just one or two desktops now returning actual information (the IPs are fine, just anonymised for the post). It managed to acquire about 150 or so sets of information, so here are my thoughts from this:<\/p>\n<ul>\n<li>Hostnames look fine<\/li>\n<li>IPs are fine<\/li>\n<li>Dates are fine<\/li>\n<li>VLANs are nearly all wrong<\/li>\n<li>Switchport IDs are.. mostly ok. Lots seem wrong though<\/li>\n<li>MAC addresses and switch IPs I have to include sometime<\/li>\n<li>All computers need to have WinPcap installed<\/li>\n<\/ul>\n<p>One thing to do for the future, which would be cool, is to see if I can create a single executable with all the code it needs to do packet capture\u00a0<em>without\u00a0<\/em>relying on a packet capture driver being already installed on the system. 
Is that even possible?<\/p>\n<p>The other thing that needs to be done is to sort out the VLAN and switchport information &#8211; the cause of some of the apparently malformed data is that I&#8217;m currently &#8220;guessing&#8221; where the packet data is, based on packets that I had seen from the computer I was working on and had pulled apart in <em>Wireshark<\/em>:<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results2.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-333\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results2.png\" alt=\"results2\" width=\"808\" height=\"514\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results2.png 808w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/08\/results2-300x191.png 300w\" sizes=\"(max-width: 808px) 100vw, 808px\" \/><\/a><\/p>\n<p>I knew this would be an issue, however, since data lengths are variable, depending on the size of some of the information (switch name, IP and port ID can all be different lengths).\u00a0So to fix this, I need a way to read the entire packet and work out what exactly is at which point; luckily, both LLDP and CDP packets use\u00a0<em>TLV<\/em>\u00a0formats &#8211; that is, each consecutive set of bytes within the packet is logically separated into\u00a0<strong>T<\/strong>ype,\u00a0<strong>L<\/strong>ength and\u00a0<strong>V<\/strong>alue. 
You can&#8217;t tell from a random location what that information is, however, so you absolutely must read the entire packet in and determine what the type is, followed by its length and then finally you can get an entire set of data as the value (usually).<\/p>\n<p>Today has been spent working on that and I&#8217;m nearly done &#8211; so a\u00a0next post will break it down!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The last 6 months have become very busy, so\u00a0I decided to take a break from the breaking (and fixing) of our servers and get back to the program I&#8217;ve been working on to map\u00a0network information (for which I still have no real name for). Progress had been going quite well; by around December last year, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[30,15,34],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6PQZ3-5i","_links":{"self":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/328"}],"collection":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=328"}],"version-history":[{"count":2,"href":"https
:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/328\/revisions"}],"predecessor-version":[{"id":349,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/328\/revisions\/349"}],"wp:attachment":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}