CDP / LLDP Fun

Problem: You want to know which switch and what port your Linux machine is connected to?

Solution: If the switch does CDP (all Cisco switches do), it tells you a lot of information. Tcpdump can capture and show this information.

# tcpdump -i eth0 -n -v -s 1500 -c 1 'ether[20:2] == 8192' 
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
16:47:43.099633 CDPv2, ttl: 180s, checksum: 692 (unverified), length 438
         Device-ID (0x01), length: 4 bytes: 'SW10'
         Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-48TS'
         Address (0x02), length: 13 bytes: IPv4 (1) XXX.XXX.XXX.10
         Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/25'
         Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
         Protocol-Hello option (0x08), length: 32 bytes: 
         VTP Management Domain (0x09), length: 7 bytes: 'XXX'
         Native VLAN ID (0x0a), length: 2 bytes: 1
         Duplex (0x0b), length: 1 byte: full
         Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XXX.XXX.10

I highlighted the most relevant information in bold.

CDP is quite old and on the way out. LLDP is the new standard with similar content:

# tcpdump -i eth0 -n -v -s 1500 -c 1 ether proto 0x88cc
tcpdump: listening on eth0
09:48:18.267131 LLDP, length 83
Chassis ID TLV (1), length 7
Subtype MAC address (4): XX:XX:XX:XX:XX:XX
Port ID TLV (2), length 7
Subtype Local (7): Port 4
Time to Live TLV (3), length 2: TTL 120s
Port Description TLV (4), length 6: Port 4
System Name TLV (5), length 4: UBNT
System Description TLV (6), length 37
USW-8P-150, 4.3.20.11298, Linux 3.6.5
System Capabilities TLV (7), length 4
System Capabilities [Bridge] (0x0004)
Enabled Capabilities [Bridge] (0x0004)
End TLV (0), length 0


Sample Output from an Ubiquitiy switch.