Decode CDP or LLDP packets with tcpdump
If you don’t have LLDPd available, you can use tcpdump to get all the LLDP information. Below are a few examples of how you can do it.
CDP
## This will often show you the Cisco chassis switch; then use your firm's asset management software to find the upstream switch.
## -s 1500 – capture 1500 bytes of the packet (typical MTU size)
## ether[20:2] == 0x2000 – capture only packets whose 2 bytes starting at byte 20 have the hex value 2000
interface=eth0 ; tcpdump -i ${interface} -v -s 1500 -c 1 'ether[20:2] == 0x2000'
LLDP
## Switch:
interface=eth0 ; tcpdump -i ${interface} -s 1500 -XX -c 1 'ether proto 0x88cc'
## Port and CDP Neighbor Info:
interface=eth0 ; tcpdump -i ${interface} -v -s 1500 -c 1 '(ether[12:2]=0x88cc or ether[20:2]=0x2000)'
If you need more info about CDP or LLDP, have a look at the links below.
CDP stands for Cisco Discovery Protocol, which is a layer 2 protocol and is used to share information about other directly connected Cisco equipment (Wikipedia). LLDP stands for Link Layer Discovery Protocol and replaces CDP. LLDP is a vendor-neutral Data Link Layer protocol used by network devices for advertising their identity, capabilities and neighbours (Wikipedia). This is useful for finding out which VLAN your network interface is connected to (assuming that you're using tagged VLANs), or which port on which switch you are plugged into.
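To read the switch name, port and VLAN out of the -XX hex dump from the LLDP command above instead of picking through the hex by eye, the TLVs can be decoded with a short script. The following Python is an added example, not part of the original post: the function names and the sample dump are constructed for illustration, and the TLV layout (7-bit type, 9-bit length, Port VLAN ID in an IEEE 802.1 organisationally specific TLV) follows IEEE 802.1AB.

```python
import struct
LLDP_ETHERTYPE = 0x88CC           # the value 'ether proto 0x88cc' matches at bytes 12-13
IEEE_8021_OUI = b"\x00\x80\xc2"   # OUI of the IEEE 802.1 organisationally specific TLVs

def frame_from_hexdump(text):
    """Rebuild the frame bytes from the hex column of 'tcpdump -XX' output."""
    data = bytearray()
    for line in text.splitlines():
        if line.strip().startswith("0x") and ":" in line:
            # Hex column sits between the offset and the double space before the ASCII.
            data += bytes.fromhex(line.split(":", 1)[1].strip().split("  ")[0])
    return bytes(data)

def _ident(value, mac_subtype):  # subtype byte, then a MAC address or a text identifier
    return value[1:].hex(":") if value[0] == mac_subtype else value[1:].decode("utf-8", "replace")

def parse_lldp(frame):
    """Walk the TLVs of one LLDP frame and return the neighbour details found."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        raise ValueError("EtherType at bytes 12-13 is not 0x88cc")
    info, offset = {}, 14
    while offset + 2 <= len(frame):
        header = struct.unpack("!H", frame[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x01FF   # 7-bit type, 9-bit length
        value = frame[offset + 2:offset + 2 + length]
        if len(value) < length:
            raise ValueError("truncated TLV: capture more bytes with -s")
        offset += 2 + length
        if tlv_type == 0:                                  # End of LLDPDU
            break
        if tlv_type == 1 and length >= 2:                  # Chassis ID (subtype 4 = MAC)
            info["chassis_id"] = _ident(value, mac_subtype=4)
        elif tlv_type == 2 and length >= 2:                # Port ID (subtype 3 = MAC)
            info["port_id"] = _ident(value, mac_subtype=3)
        elif tlv_type == 5:                                # System Name
            info["system_name"] = value.decode("utf-8", "replace")
        elif tlv_type == 127 and length == 6 and value[:4] == IEEE_8021_OUI + b"\x01":
            info["port_vlan_id"] = struct.unpack("!H", value[4:6])[0]  # Port VLAN ID
    return info

# Constructed sample, not a real capture: one LLDP frame as 'tcpdump -XX' prints it.
SAMPLE_DUMP = """
    0x0000:  0180 c200 000e 0200 0000 0001 88cc 0207  ................
    0x0010:  0402 0000 0000 0104 0905 4769 312f 302f  ..........Gi1/0/
    0x0020:  3132 0602 0078 0a0d 7377 2d65 7861 6d70  12...x..sw-examp
    0x0030:  6c65 2d30 31fe 0600 80c2 0100 2a00 00    le-01.......*..
"""

if __name__ == "__main__":
    print(parse_lldp(frame_from_hexdump(SAMPLE_DUMP)))
```

Only the fields the post cares about (switch, port, VLAN) are extracted; other TLVs are skipped, and chassis or port IDs with subtypes other than MAC address are shown as text.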