chall32 / LDWin

Link Discovery for Windows

LDWin Command Line Support #16

Open Sharkrit opened 7 years ago

Sharkrit commented 7 years ago

Hi chall32,

Is it possible to make a CLI version by any chance? It would be nice if I could do something like lldpcli on Linux: `lldpcli show neighbors`

Sharkrit commented 7 years ago

Hi @chall32,

I attempted to make a CLI version using a PowerShell script, but I ran into a parameter parsing issue.

```powershell
$TcpDump = "\\NetworkShareLocation\tcpdump.exe"
$nic1 = gwmi win32_networkadapter | ? netconnectionstatus -eq 2 | select -first 1
[string]$Arguments = " -i \Device\$($nic1.GUID)"+" -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ether[20:2]==0x2000)"
$Arguments | $TcpDump
```

I got this error:

```
ether[12:2]==0x88cc : The term 'ether[12:2]==0x88cc' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:109
+ ... 8-BC4B-7B3203769E66} -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ethe ...
+                                               ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (ether[12:2]==0x88cc:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
```

It seems like PowerShell does not accept the long argument, or tcpdump.exe cannot retrieve the parameter parsed from PowerShell. Do you have any idea?

Sharkrit commented 7 years ago

Seems like "tcpdump.exe" is unable to run on PowerShell at all. Even when I typed in the command manually, it still throws an exception error:

```
PS C:\Data\'-i \Device\{1ADC30BF-0DE9-40DE-8CEC-A3EB6E64E6BC} -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ether[20:2]==0x2000)' | .\tcpdump.exe
C:\Data\tcpdump.exe: listening on \Device\{BCE969FB-89D9-423A-8DE2-9BC3E5CBE9D9}
C:\Data\tcpdump.exe: \: Error opening adapter: Overlapped I/O operation is in progress. (997)
```

Sharkrit commented 7 years ago

I got it to work when running in CMD instead of PowerShell, but I don't know how to parse the GUID value to tcpdump.exe directly.

```
C:\Windows\system32>wmic nic where "NetConnectionStatus=2" get netconnectionid,guid,index,name
GUID                                    Index  Name                                         NetConnectionID
{3253CB13-C402-4903-9221-D320686390C8}  5      HPE FlexFabric 10Gb 4-port 536FLR-T Adapter  Embedded FlexibleLOM 1 Port 2
{C6046E99-A660-4373-A0A2-898CD74477A6}  8      HPE FlexFabric 10Gb 4-port 536FLR-T Adapter  Embedded FlexibleLOM 1 Port 1

C:\Windows\system32>\\MyUncSharePath\d$\tools\tcpdump\tcpdump.exe -i \Device\{3253CB13-C402-4903-9221-D320686390C8} -nn -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ether[20:2]==0x2000)
\\MyUncSharePath\d$\Applications\tcpdump\tcpdump.exe: listening on \Device\{ABCDABCD-1234-1234-1234-D123412341234}
```
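
The capture from the comments above, invoked from PowerShell with the adapter GUID filled in and the filter passed as a single argument. This is an added example, not code from the thread or from LDWin; `$TcpDumpPath` and `$ExpectedSha256` are assumed values, and it assumes the tcpdump.exe build accepts the `\Device\{GUID}` adapter name used in the CMD session.

```powershell
# Added example. $TcpDumpPath and $ExpectedSha256 are assumptions; set them for your environment.
$TcpDumpPath    = 'C:\Data\tcpdump.exe'   # assumed local copy of the tcpdump.exe build
$ExpectedSha256 = ''                      # optional: SHA-256 of the tcpdump.exe you vetted

if (-not (Test-Path -LiteralPath $TcpDumpPath -PathType Leaf)) {
    throw "tcpdump.exe not found at $TcpDumpPath"
}

# Packet capture runs elevated, so pin the binary before executing it,
# especially when it is launched from a shared location.
if ($ExpectedSha256) {
    $actual = (Get-FileHash -LiteralPath $TcpDumpPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch for ${TcpDumpPath}: $actual"
    }
}

# First connected adapter (NetConnectionStatus 2), same selection as the script in the thread.
$nic = Get-CimInstance -ClassName Win32_NetworkAdapter -Filter 'NetConnectionStatus = 2' |
    Select-Object -First 1
if (-not $nic) { throw 'No connected network adapter found.' }

# Keep the filter in a single-quoted string. Unquoted parentheses on a PowerShell
# command line start a subexpression, so PowerShell tries to run
# ether[12:2]==0x88cc as a command (the CommandNotFoundException shown above).
# 0x88cc at offset 12 is the LLDP EtherType; 0x2000 at offset 20 is the CDP SNAP protocol ID.
$filter = '(ether[12:2]==0x88cc or ether[20:2]==0x2000)'

# One array element per argument; the filter reaches tcpdump.exe as one argument.
$tcpdumpArgs = @(
    '-i', "\Device\$($nic.GUID)",
    '-nn', '-v', '-s', '1500', '-c', '1',
    $filter
)

# Call operator plus splatting: arguments go on the command line, not through the pipeline.
& $TcpDumpPath @tcpdumpArgs
if ($LASTEXITCODE -ne 0) {
    Write-Error "tcpdump.exe exited with code $LASTEXITCODE"
}
```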

cascadeth commented 7 years ago

It seems as though @chall32 doesn't care about a CLI version...

@Sharkrit I was able to do this without tcpdump (since licensing and stuff). I used WinDump instead, and the PowerShell scripts I wrote I believe should be quite useful for the parsing. Link to the repo I just made public: https://github.com/cascadeth/switch-witch/