Tenable's research group recently released plugin ID #24904 which speaks with the Link Layer Topology Discovery protocol. This is an Ethernet "layer 2" scan, so it is something you need to perform against a server within the collision domain of a Nessus scanner. LLTD allows you to enumerate a wide variety of information about the remote host. The current NASL script supports discovery of:
- host ID
- Physical Medium
- IPv4 and IPv6 addresses
- Link Bandwidth type
- Machine Name
Below is an obscured screen shot of a scan of a test Vista system.
Security Center customers can make use of this data to write dynamic asset lists for automatically classifying their Vista systems based on any of the discovered parameters such as name, IPv6 address, the presence of IPv6 and so on.
A useful "non-security" query would be to use the wireless signal strength to find Vista systems that aren't covered with enough wireless signal.
Also, since you can't send these sorts of queries over IP packets, you need to have your Nessus scanner in the same collision domain. Organizations that have deployed multiple Nessus scanners in each of their VLANs can use this check immediately.