Obtaining CDP information on a Windows device
Closed     Case # 10039     Affiliated Job:  New Trier Township District 2031
Opened:  Wednesday, May 19, 2010     Closed:  Wednesday, May 19, 2010
Case Type(s):  Network, Server
Case Notes(s):  All cases are posted for review purposes only. Any implementations should be performed at your own risk.

Request:
I recently needed to grab port information for a server connected to a Cisco switch that has CDP enabled. I didn't want to walk down and map out the cable to the switch port so I began searching out an alternative.

Outcome:
I found a great article online on how this can be achieved:
-   http://windowssystemspecialist.blogspot.com/2006/07/windows-command-line-cdp-capture.html


The instructions are pretty straightforward:
-   Download TCPDUMP.EXE
   o   http://www.microolap.com/products/network/tcpdump/
   o   Has WinPCap built into it.
-   Identify the interface to scan:
   o   netsh interface ip show interface "Local Area Connection" | findstr /i "index"
-   Before running the executable, I found I had to disable antivirus first because some can block this program from running.
-   Run the command: (Change the "-i" value to the appropriate Interface #)
   o   tcpdump -nn -v -i # -s 1500 -c 1 ether[20:2] == 0x2000
-   The results may look similar to the following:
    tcpdump: listening on \Device\{GUID Displayed of Interface}
    12:27:13.751768 CDPv2, ttl: 180s, checksum: 692 (unverified), length 284
        Device-ID (0x01), length: 20 bytes: 'DEVICEID(CISCO SWITCH/CORE NAME)'
        Address (0x02), length: 13 bytes: IPv4 (1) CORE IP ADDRESS
        Port-ID (0x03), length: 4 bytes: 'BLADE/PORT#'
        Capability (0x04), length: 4 bytes: (0x0000000a): Transparent Bridge, L2 Switch
        Version String (0x05), length: 96 bytes:
          WS-C6506 Software, Version McpSW: 7.6(9) NmpSW: 7.6(9)
          Copyright (c) 1995-2004 by Cisco Systems
    
        Platform (0x06), length: 8 bytes: 'WS-C6506'
        VTP Management Domain (0x09), length: 9 bytes: 'DOMAINNAME'
        Native VLAN ID (0x0a), length: 2 bytes: 213
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        System Name (0x14), length: 7 bytes: 'CISCO SWITCH/CORE NAME'
        System Object ID (not decoded) (0x15), length: 10 bytes:
          0x0000: 0608 2b06 0104 0109 052d
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) CORE IP ADDRESS
        Physical Location (0x17), length: 31 bytes: 0x00/TEXT NAME OF LOCATION
    1 packets captured
    117 packets received by filter
    0 packets dropped by kernel
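
Added example, not part of the original case notes or the linked article: a minimal Python decoder for the same frame the capture filter selects. It shows why `ether[20:2] == 0x2000` matches CDP (the SNAP protocol ID sits at byte offset 20) and how the TLV type codes printed by tcpdump (0x01, 0x03, 0x0a, ...) map to the raw bytes. The sample frame, switch name, port and MAC addresses are constructed for illustration, and the CDP checksum is not verified.

```python
import struct

# TLV type codes as printed in the tcpdump output above
TLV_NAMES = {0x01: "Device-ID", 0x03: "Port-ID", 0x06: "Platform",
             0x0a: "Native VLAN ID", 0x0b: "Duplex"}

def parse_cdp(frame: bytes) -> dict:
    """Decode selected CDP TLVs from a raw 802.3/LLC/SNAP frame."""
    if len(frame) < 26:
        raise ValueError("frame too short for CDP")
    # Same test as the capture filter: ether[20:2] == 0x2000 (SNAP protocol ID)
    if struct.unpack_from("!H", frame, 20)[0] != 0x2000:
        raise ValueError("not a CDP frame")
    # The 802.3 length field bounds the payload, so trailing padding is ignored
    end = min(len(frame), 14 + struct.unpack_from("!H", frame, 12)[0])
    version, ttl, _checksum = struct.unpack_from("!BBH", frame, 22)
    out = {"version": version, "ttl": ttl}
    off = 26
    while off + 4 <= end:
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, off)
        # tlv_len includes the 4-byte header; reject truncated or bogus lengths
        if tlv_len < 4 or off + tlv_len > end:
            raise ValueError(f"bad TLV length {tlv_len} at offset {off}")
        value = frame[off + 4:off + tlv_len]
        name = TLV_NAMES.get(tlv_type)
        if name == "Native VLAN ID" and len(value) == 2:
            out[name] = struct.unpack("!H", value)[0]
        elif name == "Duplex" and len(value) == 1:
            out[name] = "full" if value[0] else "half"
        elif name:
            out[name] = value.decode("ascii", errors="replace")
        off += tlv_len
    return out

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV (helper for the constructed sample only)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def sample_frame(pad: bytes = b"") -> bytes:
    """Constructed CDPv2 frame; all names and values are made up."""
    cdp = (bytes([2, 180]) + b"\x00\x00" + tlv(0x01, b"core-sw-01")
           + tlv(0x03, b"3/12") + tlv(0x06, b"WS-C6506")
           + tlv(0x0a, struct.pack("!H", 213)) + tlv(0x0b, b"\x01"))
    llc_snap = bytes.fromhex("aaaa0300000c2000")
    macs = bytes.fromhex("01000ccccccc001122334455")
    return macs + struct.pack("!H", len(llc_snap) + len(cdp)) + llc_snap + cdp + pad

if __name__ == "__main__":
    print(parse_cdp(sample_frame()))
```
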


