chall32 / ldwin Goto Github PK

Hello, like any good sysadmin, I checked the file before executing. According to VirusTotal, 5 different engines have potential issues with the EXE file in your repo.

https://www.virustotal.com/gui/file/ed0bf3c3746fcaa8f4efcf12ad26c590cba709f229c0f4f8fc33e6df227b1872/detection

This has been since a couple of months.
Already tried reinstalling network card, Windows Firewall, Troubleshooter.
Have read all the tickets, asked all my coworkers, but nobody seems to have the same problem.

If i open the program, select a network card and click on Get Link Data it will instantly show my own mac address and nothing else, i can scan multiple network cards but they all show the same result, I've also tried multiple switches but nothing works.

Thanks in advance for your help.

See screenshot below,

When I use LDWin ver 2.0 with a Dell 5548 PowereConnect it passes through the switch and goes to the next switch upstream.
O/S Win 7 pro

Hi chall32,

Is that possible to make the CLI version by any chance?
It would be nice if I can do like lldpcli on Linux.
lldpcli show neighbors

I was wondering if there was a command line option for this application ?

Hello,
I tested LDWin.exe on my laptop. When displaying information from the LAN port, the first result was always displayed when the port was changed. The correct value of another port was displayed only after the laptop was restarted, and only the one was shown. Even if the Ethernet LAN port has been disconnected. Is this a good behavior? Thank you.

I tried using the tool from my laptop to a Cisco SG switch. It has an invalid port info.

C:\Temp>tcpdump.exe -d

** Tcpdump v4.5.1 (Nov 20, 2013) for Windows **
** Win98/ME/NT4/2000/XP/2003/Vista/2008/Win7/Win8/Win2012 **

** built with Microolap Packet Sniffer SDK v6.1 and **
** Microolap WinPCap to Packet Sniffer SDK migration module. **

** (c) Microolap Technologies, **
** Khalturin A.P. & Naumov D.A. **
** http://www.microolap.com **

** Trial license. **

tcpdump.exe: listening on \Device{6990D8C0-6750-4521-B77D-708D3C2A9C40}
tcpdump.exe: : Error opening adapter: Overlapped I/O operation is in progress. (997)

This is using Windows 10 Enterprise Build 10586.318
I did run the TCPDUMP above as an administrator.

When using LDWin connected to a switch with mGig support, the port number is truncated by 1 character.

So all 2 digit ports starting from 20-29 show as port 2

i.e.

FiveGigabitEthernet1/0/25

shows as

FiveGigabitEthernet1/0/2

And so forth.

It may be better to either increase the length of the display field to account for this, or to substitute numbers for words such as

5GigabitEthernet

in place of

FiveGigabitEthernet

Hello,

Could you please enlarge the field "Switch Model", some of CISCO SMB models need more characters (on 2 lines) ;-)

Hi Chris,

Thanks for this great tool!

I have directed many to use it and one of noted it was flaged as malware by Virustotal at https://www.virustotal.com/en/file/ed0bf3c3746fcaa8f4efcf12ad26c590cba709f229c0f4f8fc33e6df227b1872/analysis/1464117137/ - can you help and clear this?

Thanks,

Eitan

First off, great utility. I tried this utility in mulitple configurations and all execpt one has returned the expected results.

I recently refreshed my PC to a Lenovo X1 Carbon with an external OneLink Pro Dock with a Gigabit ethernet connection. If I hardwire a network adapter via USB or tcpdump sees the interface, but LDWin does not. Here is the output

tcpdump -D

** Tcpdump v4.5.1 (Nov 20, 2013) for Windows **
** Win98/ME/NT4/2000/XP/2003/Vista/2008/Win7/Win8/Win2012 **

** built with Microolap Packet Sniffer SDK v6.1 and **
** Microolap WinPCap to Packet Sniffer SDK migration module. **

** (c) Microolap Technologies, **
** Khalturin A.P. & Naumov D.A. **
** http://www.microolap.com **

** Trial license. **

1.\Device\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
2.\Device\NdisWanBh (WAN Miniport (Network Monitor))
3.\Device{B426ECB8-3FDC-4738-8912-B236908F2BD4} (ThinkPad OneLink Pro Dock Giga Ethernet)
4.\Device{AFA859BD-7559-4658-A21E-9DDA5A756377} (Intel(R) Dual Band Wireless-AC 7260)
5.\Device{F9451C28-22FF-4DD9-AE40-6F5381981F7C} (Intel(R) Ethernet Connection I218-LM)

tcpdump -i 3 -nn -s 1500 -c 1 (ether[12:2]=0x88cc or ether[20:2]==0x2000)

** Tcpdump v4.5.1 (Nov 20, 2013) for Windows **
** Win98/ME/NT4/2000/XP/2003/Vista/2008/Win7/Win8/Win2012 **

** built with Microolap Packet Sniffer SDK v6.1 and **
** Microolap WinPCap to Packet Sniffer SDK migration module. **

** (c) Microolap Technologies, **
** Khalturin A.P. & Naumov D.A. **
** http://www.microolap.com **

** Trial license. **

tcpdump: listening on \Device{B426ECB8-3FDC-4738-8912-B236908F2BD4}
09:23:15.117373 LLDP, length 142: SEP8CB64F57EF89.cisco.com
1 packet captured
307 packets received by filter
0 packets dropped by kernel

The "Local Area Connection" lists the I218-LM network adapter"
The "Local Area Connection 2" (both of the entries) in the list show the network card as "Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Window x64".

Thanks,
Dan Keller

Can you add Voice VLAN ID support? This would help us out a bunch. Thanks for the awesome tool!

We've been using LDWin for a long time and it's been great.
We've just put some new switches in (Cisco C9300-48P) and the data LDWIN gets isn't the same.
Port Identifier and Switch model, they are reporting different fields such as the IOS version on the switch model and our own description field on the Port ID instead of the port interface.
However, if we keep running 'get link data' we can occasionally see the correct info under those fields, but the then other fields, like VLAN Identifier are blank.
I'm wondering if Cisco have changed/increaed what information they are sending but LDWIN can only read so much of it?

Have run LDWin on over 60 ports in the last week and getting a non-consistent output.

I am trying to write a PowerShell script to combine the output files for easy manipulation to speed up documentation and alterations needed to the switches.

Is there a reason for these non-consistent outputs at all?

Upon launching the LDWin.exe file, it deletes itself. This occurs on some machines...
We've attempted to run it as Administrator, and the result is the same.

OS: Windows 10
Arch: x64
OS Version: 22H2
Build: 19045

If using this program to troubleshoot Skype Locations, returning the MAC address is useful as we can compare the MAC address the client is seeing against the MAC address in the Skype database.

I think this should be a relatively simple addition?

Currently this fails if you are connecting through more than a single device which broadcasts LLDP.

In particular, this fails both when an LLDP daemon is installed on the windows host itself (LDWin picks up those packets) or if you are connecting to a switch through something like an IP Phone which also reports LLDP.

On the command line with a tool like lldpd this is resolved by simply printing multiple information blocks. Is there a simple way to add support for reporting multiple hosts broadcasting LLDP information?

Unfortunately I cannot simply look into it myself due to no source code.... ☹️ Perhaps look into releasing this under an open source license? I'm sure the community would be most appreciative 😄.

The app launches but can't retrieve data in Windows 11.

Hi,

I use Windows 10 version 1511 (OS build 10586.318) and Cisco switches.
I can't get info for some reason and would like to know how to troubleshoot this issue or what should be done computer or network wise to get Link Data.

Thank you

LDWIN 2.1; AutoIT 3.3.14.2

I have a Netgear Prosafe GS 108T and i tried ldwin with it.

It only returned the switch IP address - no MAC or Port id

I changed the code to make a copy of the data out of tcpdump, and it is as follows (the line numbers at the start are mine, not in the file)

0 12:21:24.443497 LLDP, length 46
1 Chassis ID TLV (1), length 7
2 Subtype MAC address (4): 2c:b0:5d:a1:ac:fd
3 Port ID TLV (2), length 3
4 Subtype Local (7): g1
5 Time to Live TLV (3), length 2: TTL 120s
6 Management Address TLV (8), length 20
7 Management Address length 5, AFI IPv4 (1): 192.168.1.253
8 Interface Index Interface Numbering (2): 13
9 OID length 8broadcom
10 End TLV (0), length 0

Also worth noting ...

AutoIt refused to run the file from github: I had to comment out the include of GUIHyperlink.au3 to get it working.

Norton Security removed the LDWin.exe file, saying it was a known threat. If you rename LDwin.exe to something else it runs (although it complains about it being potentially abusing, but does label it low risk)

Recenttly I upgraded to Win10, and can`t make LDWin work on it.

If IsObj($colItems) Then
For $objItem In $colItems
FileWriteLine($log, "[" & $objItem.NetConnectionID & "]")
FileWriteLine($log, "ProductName=" & $objItem.ProductName)
$value = $objItem.NetConnectionID
$GUID = $objItem.GUID
If StringLen($value) > 1 Then $Output = $Output & $value & "|"
$colItems2 = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE SettingID = '" & $GUID & "'", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
For $objItem2 In $colItems2
If $objItem.Index = $objItem2.Index Then
FileWriteLine($log, "SettingID=" & $objItem2.SettingID)
FileWriteLine($log, "IPAddress=" & $objItem2.IPAddress(0))
FileWriteLine($log, "MACAddress=" & $objItem2.MACAddress)
EndIf
Next
Next
Else
MsgBox(0, "WMI Output", "No WMI Objects Found for class: " & "Win32_NetworkAdapterConfiguration")
EndIf

it works like a charm

Is there a version of LDWin that is signed? Our EDR (Cybereason) keeps flagging the app as suspicious stating that there is a signed version available although the non-signed version is being run. I can;t find a signed version. Does one exist?

Hello,

the last digit ist missing on TenGigabit Cisco Switch:

It is Port 2/1/31.

First of all, wonderful tool, thanks!

Ran into a little issue:

Lenovo Thinkpad t440s Win8.1. No link data found after ten minutes with LDW, but tcpdump gets it.

Tcpdump output:
C:\bin>tcpdump -i 5 -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ether[20:2]==0x2
000)

** Tcpdump v4.5.1 (Nov 20, 2013) for Windows **
** Win98/ME/NT4/2000/XP/2003/Vista/2008/Win7/Win8/Win2012 **

** built with Microolap Packet Sniffer SDK v6.1 and **
** Microolap WinPCap to Packet Sniffer SDK migration module. **

** (c) Microolap Technologies, **
** Khalturin A.P. & Naumov D.A. **
** http://www.microolap.com **

** Trial license. **

tcpdump: listening on \Device{779A0282-3E24-48DB-94CE-0A9A28EC7224}
09:41:16.781687 CDPv2, ttl: 180s, checksum: 692 (unverified), length 462
Device-ID (0x01), length: 40 bytes: 'nnnn'
Version String (0x05), length: 243 bytes:
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(55
)SE8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 11:18 by prod_rel_team
Platform (0x06), length: 19 bytes: 'cisco WS-C3560-24TS'
Address (0x02), length: 13 bytes: IPv4 (1) x.x.x.x
Port-ID (0x03), length: 16 bytes: 'FastEthernet0/21'
Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch, IGMP snoopi
ng
Protocol-Hello option (0x08), length: 32 bytes:
VTP Management Domain (0x09), length: 3 bytes: 'nnnn'
Native VLAN ID (0x0a), length: 2 bytes: xxx
Duplex (0x0b), length: 1 byte: full
ATA-186 VoIP VLAN request (0x0e), length: 3 bytes: app 1, vlan xxx
AVVID trust bitmap (0x12), length: 1 byte: 0x01
Management Addresses (0x16), length: 13 bytes: IPv4 (1) x.x.x.x
unknown field type (0x1a), length: 12 bytes:
0x0000: 0000 0001 0000 0000 ffff ffff
1 packet captured
255 packets received by filter
0 packets dropped by kernel

Be nice if there was a 64 bit version for winpe.

LLDP and CDP are supposed to have both port Name and Description. The LDWin only displays the description. If switch ports have same description, or no description at all they are unidentifiable with the LDWin.

Hello,

i would like to know if its possible to get commandline switches to run this Programm over cmd rather than the gui?

I tried this tool with Win7 (64 x) on a HP EliteBook (different models).
In any possibility it says that it can't get pakets. I do not know why... Is there any logfile or erorr messages to search in? What can I do?