CDP Fun

Problem: You want to know which switch and which port your Linux machine is connected to.

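Solution: If the switch speaks CDP (all Cisco switches do), it announces a lot of information about itself. tcpdump can capture and decode these announcements; the filter below matches the CDP protocol ID 0x2000 (8192 in decimal) at byte offset 20 of the Ethernet frame.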

# tcpdump -i eth0 -n -v -s 1500 -c 1 'ether[20:2] == 8192' 
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
16:47:43.099633 CDPv2, ttl: 180s, checksum: 692 (unverified), length 438
         Device-ID (0x01), length: 4 bytes: 'SW10'
         Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-48TS'
         Address (0x02), length: 13 bytes: IPv4 (1) XXX.XXX.XXX.10
         Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/25'
         Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
         Protocol-Hello option (0x08), length: 32 bytes: 
         VTP Management Domain (0x09), length: 7 bytes: 'XXX'
         Native VLAN ID (0x0a), length: 2 bytes: 1
         Duplex (0x0b), length: 1 byte: full
         Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XXX.XXX.10

I highlighted the most relevant information in bold.
