No matter how good your network diagrams are, sometimes you need to verify the port your server/desktop is in. Cisco Discovery Protocol is a great tool for network admins when you need to quickly map routers and switches, and if you’ve got an ESX server connected you’ll see that it picks up CDP info too – but the vast majority of my managed systems are Windows.
Here’s how to use TCPDUMP by Micro Olap to extend that functionality to your Windows boxes.
Firstly you need to find the interface number of the network adaptor you are trying to find CDP data for. Use this command:
tcpdump -D
Which gives you a list of the interfaces on the computer:
My actual NIC is the third one in the list, so I can run the command:
tcpdump -i 3 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000
-i n [interface and the number in the list, for me 3]
-nn [don’t resolve DNS, speeds things up]
-v [verbose mode, otherwise we won’t see all the packet details]
-s 1500 [set the maximum packet size to capture, the MTU is 1500 by default so it will capture the entire packet]
-c 1 [Capture one packet only, since we only want the CDP packet and filter using the header]
ether[20:2] == 0x2000 [Match the two bytes at offset 20 of the frame, the SNAP protocol ID that follows the Ethernet and LLC headers, against the hex value 0x2000, which identifies CDP]
Some output is omitted, but you can see that the name of the switch and the port are both in there.
Easier than tracing a cable!
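The following Python example is added here and is not from the original post. It applies the same offset-20 check as the capture filter to raw frame bytes, then reads the Device ID and Port ID TLVs that carry the switch name and port. The sample frame, switch name, port name and source MAC are constructed for illustration.

```python
import struct

CDP_PID = 0x2000          # SNAP protocol ID matched by ether[20:2] == 0x2000
TLV_DEVICE_ID = 0x0001    # switch name
TLV_PORT_ID = 0x0003      # port the frame was sent from

def build_sample_frame(device, port):
    """Constructed test frame (not a real capture): 802.3 + LLC/SNAP + CDP."""
    def tlv(t, value):
        # TLV length field covers the 4-byte type/length header plus the value
        return struct.pack("!HH", t, len(value) + 4) + value
    cdp = bytes([2, 180]) + b"\x00\x00"          # version, TTL, checksum (left zero)
    cdp += tlv(TLV_DEVICE_ID, device.encode()) + tlv(TLV_PORT_ID, port.encode())
    llc_snap = b"\xaa\xaa\x03" + b"\x00\x00\x0c" + struct.pack("!H", CDP_PID)
    dst, src = bytes.fromhex("01000ccccccc"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", len(llc_snap) + len(cdp)) + llc_snap + cdp

def parse_cdp(frame):
    """Return {'device_id': ..., 'port_id': ...} or None if the frame is not CDP."""
    if len(frame) < 26 or struct.unpack_from("!H", frame, 20)[0] != CDP_PID:
        return None                               # same test as the capture filter
    result, offset = {}, 26                       # 22 bytes of headers + 4-byte CDP header
    while offset + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, offset)
        if tlv_len < 4 or offset + tlv_len > len(frame):
            break                                 # malformed or truncated TLV: stop
        value = frame[offset + 4:offset + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            result["device_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_PORT_ID:
            result["port_id"] = value.decode("ascii", "replace")
        offset += tlv_len
    return result

if __name__ == "__main__":
    frame = build_sample_frame("SW-EXAMPLE-01", "GigabitEthernet0/3")
    print(parse_cdp(frame))
```

The length checks matter because CDP frames are unauthenticated input from the wire, so a TLV length that runs past the captured bytes stops parsing instead of being trusted.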