Sniffing CDP and LLDP information with tcpdump

 

The following tcpdump command will sniff your network for Cisco Discovery Protocol information. Change eth0 to match your currently network interface.

# get information about Cisco Discovery Protocol
$  sudo tcpdump -nnvi eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

The following tcpdump command will sniff your network for Link Layer Discovery Protocol information. Change eth0 to match your currently network interface.

# get information about Link Layer Discovery Protocol
$ sudo tcpdump -nnvi eth0 -s 1500 -XX -c 1 'ether proto 0x88cc'

The last option show how to use an expression to combine the two filters.

# get information about CDP and LLDP
$  sudo tcpdump -nnvi eth0 -s 1500 -c 1 '(ether[20:2]=0x2000 or ether[12:2]=0x88cc )'

(Check this link for more information about CDP and LLDP.)

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s