Check out my first novel, midnight's simulacra!
Topology Discovery
Topology discovery refers to the determination of a network's nodes and links. Explicit topology discovery typically works via either expanding enumeration of broadcast domains or successive queries of authorities. The former requires that broadcasts/multicasts be routed beyond the immediate broadcast domain; the latter requires a system of authorities. Implicit topology discovery has no particular protocol support, but makes use of a combination of techniques to expand knowledge of topology. This tends not to proceed as quickly, nor be as locally complete, as explicit methods, but can be applied more generally than explicit discovery. The two can be combined, as performed by tools such as omphalos.
Explicit Protocols
Cisco Discovery Protocol (CDP)
Link-Layer Discovery Protocol (LLDP)
IEEE Standard 802.1AB-2005. It operates directly atop Ethernet, using protocol number 0x88cc, or over SNAP-encoded LLC with the discriminator aa:aa:03:00:00:00. The LLDP multicast destination address is 01:80:c2:00:00:0e.
Link-Local Topology Discovery (LLTD) Protocol
A Microsoft protocol native to Windows Vista and supported on Windows XP via add-on. It operates directly atop Ethernet, using protocol number 0x88D9.
LLTD Packet Format
| Field | Size | Value |
|---|---|---|
| Ethernet header (14 bytes) | ||
| Destination MAC | 6 octets | |
| Source MAC | 6 octets | |
| Protocol | 2 octets | 0x88d9 in NBO |
| LLTD Demux Header (4 bytes) | ||
| Version | 1 octet | 1 |
| Type of Service | 1 octet |
|
| Reserved | 1 octet | Must be set to 0 by sender
Must be ignored by receiver |
| Function | 1 octet | Specific to Type of Service values |
Inferring Topology
See Also
- Wireshark's entries for LLDP
