Topology Discovery

From dankwiki

Topology discovery refers to the determination of a network's nodes and links. Explicit topology discovery typically works via either expanding enumeration of broadcast domains or successive queries of authorities. The former requires that broadcasts/multicasts be routed beyond the immediate broadcast domain; the latter requires a system of authorities. Implicit topology discovery has no particular protocol support, but makes use of a combination of techniques to expand knowledge of topology. This tends not to proceed as quickly, nor be as locally complete, as explicit methods, but can be applied more generally than explicit discovery. The two can be combined, as performed by tools such as omphalos.

Explicit Protocols

Cisco Discovery Protocol (CDP)

Link-Layer Discovery Protocol (LLDP)

IEEE Standard 802.1AB-2005. It operates directly atop Ethernet, using protocol number 0x88cc, or over SNAP-encoded LLC with the discriminator aa:aa:03:00:00:00. The LLDP multicast destination address is 01:80:c2:00:00:0e.

Link-Local Topology Discovery (LLTD) Protocol

A Microsoft protocol native to Windows Vista and supported on Windows XP via add-on. It operates directly atop Ethernet, using protocol number 0x88D9.

LLTD Packet Format

| Field | Size | Value |
|---|---|---|
| **Ethernet header (14 bytes)** | | |
| Destination MAC | 6 octets | |
| Source MAC | 6 octets | |
| Protocol | 2 octets | 0x88d9 in NBO |
| **LLTD Demux Header (4 bytes)** | | |
| Version | 1 octet | 1 |
| Type of Service | 1 octet | 0: Topology Discovery; 1: Quick Discovery; 2: QoS Diagnostics |
| Reserved | 1 octet | Must be set to 0 by sender. Must be ignored by receiver. |
| Function | 1 octet | Specific to Type of Service values |
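
The following is an added example, not code from this wiki or from omphalos: a passive classifier that recognizes LLDP (native and SNAP-encoded) and LLTD frames using the protocol numbers given above, and decodes the LLTD demux header. The function name, result keys and sample frames are this example's own; the frames are constructed, not captured.

```python
import struct

ETH_LLDP, ETH_LLTD = 0x88CC, 0x88D9
SNAP_LLC = bytes.fromhex("aaaa03000000")      # SNAP discriminator given above
LLDP_MCAST = bytes.fromhex("0180c200000e")    # LLDP multicast destination
LLTD_TOS = {0: "Topology Discovery", 1: "Quick Discovery", 2: "QoS Diagnostics"}


def classify(frame: bytes) -> dict:
    """Identify LLDP/LLTD frames and decode the 4-byte LLTD demux header."""
    if len(frame) < 14:
        return {"proto": "truncated"}
    dst, src, proto = struct.unpack("!6s6sH", frame[:14])
    payload, sender = frame[14:], src.hex(":")
    # A value <= 1500 is an 802.3 length, so check for SNAP-encoded LLDP.
    if proto <= 1500 and payload[:6] == SNAP_LLC and payload[6:8] == b"\x88\xcc":
        proto, payload = ETH_LLDP, payload[8:]
    if proto == ETH_LLDP:
        return {"proto": "LLDP", "src": sender, "std_dst": dst == LLDP_MCAST}
    if proto != ETH_LLTD:
        return {"proto": "other"}
    if len(payload) < 4:
        return {"proto": "LLTD", "src": sender, "error": "short demux header"}
    version, tos, _reserved, function = payload[:4]   # reserved is ignored on receipt
    return {
        "proto": "LLTD",
        "src": sender,
        "valid": version == 1,                 # the only version the table lists
        "service": LLTD_TOS.get(tos, "unknown"),
        "function": function,
    }


# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("020000000001")
LLTD_FRAME = b"\xff" * 6 + SRC + b"\x88\xd9" + bytes([1, 1, 0x7F, 0])
LLDP_FRAME = LLDP_MCAST + SRC + b"\x88\xcc" + b"\x00\x00"
LLDP_SNAP = LLDP_MCAST + SRC + b"\x00\x0a" + SNAP_LLC + b"\x88\xcc" + b"\x00\x00"

if __name__ == "__main__":
    for f in (LLTD_FRAME, LLDP_FRAME, LLDP_SNAP, LLTD_FRAME[:16]):
        print(classify(f))
```

The nonzero Reserved octet in the LLTD sample does not affect the result, matching the receiver rule in the table.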

Inferring Topology

See Also

  • Wireshark's entries for LLDP