Jump to content



Recommended Posts

Not sure if this is the right place to discuss but I was able to get the shark to pull LLDP info from the device it is connected to and had it email me the results. It is taking about 64 seconds to go from plugging in to reading the email with the info I need to be able to find the switch a wall port is connected to. I am however bad at formatting the data, any tips or materials to help with formatting the data would be handy.

I had to install a few packages first, mailsend and lldpd. Anyone know of more light weight ways to do this I am all ears...

After those were installed I setup a payload to wait until it got an IP to run the commands for LLDP and email it to me. This includes the IP the shark pulled from DHCP, LLDP info like the switch port ID, switch management IP, switch model and version.


Link to comment
Share on other sites

That's excellent! I'm going to add that to the nmap script from MonsieurMarc that I modified. (replaced pastebin exfiltration and with email.) Thanks for the info!

I would be interested to see what you payload looks like if you are alright with sharing. 🙂

Link to comment
Share on other sites

Here are the snippets from my payload for this task. This all assumes that you have installed LLDPD and MAILSEND already. I used the SSH server payload to get the shark online and installed them that way.


#Enable SSH Server
/etc/init.d/sshd start

sleep 10
#Wait for an IP Address and Add this IP info to the loot file - stolen from other script by darren.
while ! ifconfig eth0| grep "inet addr" >> /root/loot/info.txt; do sleep 1;done

sleep 2

#Assign LLDPD to eth0 - found without this it would fail
lldpd -I eth0
sleep 2

#Restart the LLDPD service - found it would fail without this
/etc/init.d/lldpd restart
sleep 2

#Copy LLDP info to LOOT file - this is where I could use help formatting the data.
lldpcli show neighbor detail > /root/loot/info.txt
sleep 2
#Send email with the info from LOOT file to the EMAILADD 
mailsend -to toADDRESS -from fromADDRESS -starttls -port 587 -auth -smtp SMTPADDRESS -sub "SUBJECT LINE GOES HERE" -mime-type text/plain -msg-body /root/loot/info.txt -v -user fromADDRESSUSER -pass "fromADDRESSPASSWORD"
sleep 1


In the end I get an email with this in the body. It needs some work to clean it up with only the data that is useful.

 inet addr:  Bcast:  Mask:

LLDP neighbors:
Interface:    eth0, via: LLDP, RID: 1, Time: 0 day, 00:00:01
    ChassisID:    mac 50:65:f3:9a:3e:a0
    SysName:      017-156-12506
    SysDescr:     HP J9774A 2530-8G-PoEP Switch, revision YA.15.12.0015, ROM YA.15.12 (/ws/swbuildm/YA_rel_knoxville_qaoff/code/build/lakes(swbuildm_YA_rel_knoxville_qaoff_rel_knoxville))
    Capability:   Bridge, on
    PortID:       local 6
    PortDescr:    6
    TTL:          120
    PMD autoneg:  supported: yes, enabled: yes
      Adv:          10Base-T, HD: yes, FD: yes
      Adv:          100Base-TX, HD: yes, FD: yes
      Adv:          1000Base-T, HD: no, FD: yes
      MAU oper type: 100BaseTXFD - 2 pair category 5 UTP, full duplex mode
    MDI Power:    supported: yes, enabled: yes, pair control: no
      Device type:  PSE
      Power pairs:  signal
      Class:        class 0
  VLAN:         17, pvid: yes
    Device Type:  Network Connectivity Device
    Capability:   Capabilities, yes
    Capability:   Policy, yes
    Capability:   Location, yes
    Capability:   MDI/PSE, yes



Link to comment
Share on other sites

  • 2 weeks later...

This is exactly what I'm looking for!  We have been looking for a way to check ports around the school to see what VLANs are assigned easily.

Does anyone have a git for this yet?

the C2 option also looks like it could work!  

a BLE connection to a dashboard app that could be displayed on your mobile device would be  supa cool 🙂  

Link to comment
Share on other sites

  • 2 years later...

This works really well for me after setting the interface and restarting the service per above BUT I usually have to wait 25-30 seconds after the restart before "show neighbors" will return anything. Has anyone else seen this? Thanks!

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...