dwallraff · December 23, 2015 23:10 · tcpdump-examples · Feb 10, 2021
diff --git a/cdp_dump.sh b/cdp_dump.sh
 tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000' 

 #CDP packets offer some additional insight to the network you're on:
 #The information contained in CDP announcements varies by the type of device and the version of the operating system running on it. Information contained includes the operating system version, hostname, every address for every protocol configured on the port where CDP frame is sent eg. IP address, the port identifier from which the announcement was sent, device type and model, duplex setting, VTP domain, native VLAN, power draw (for Power over Ethernet devices), and other device specific information.
 #You tcpdump output might look something like (IP address XX'd out):
 #14:42:57.087609 CDPv2, ttl: 180s, checksum: 692 (unverified), length 358
 #      Device-ID (0x01), length: 11 bytes: 'Public_DMZ'
 #      Address (0x02), length: 13 bytes: IPv4 (1) XXX.XXX.XX.X
 #      Port-ID (0x03), length: 16 bytes: 'FastEthernet0/21'
 #      Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch,
 #IGMP snooping
 #      Version String (0x05), length: 220 bytes:
 #        Cisco Internetwork Operating System Software
 #        IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1,
 #RELEASE SOFTWARE (fc1)
 #        Copyright (c) 1986-2002 by cisco Systems, Inc.
 #        Compiled Sun 24-Nov-02 23:31 by antonino
 #      Platform (0x06), length: 21 bytes: 'cisco WS-C2950G-24-EI'
 #      Protocol-Hello option (0x08), length: 32 bytes:
 #      VTP Management Domain (0x09), length: 0 byte: ''
 #1 packets captured
 #2 packets received by filter
 #0 packets dropped by kernel
	tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'

	#CDP packets offer some additional insight to the network you're on:
	#The information contained in CDP announcements varies by the type of device and the version of the operating system running on it. Information contained includes the operating system version, hostname, every address for every protocol configured on the port where CDP frame is sent eg. IP address, the port identifier from which the announcement was sent, device type and model, duplex setting, VTP domain, native VLAN, power draw (for Power over Ethernet devices), and other device specific information.
	#You tcpdump output might look something like (IP address XX'd out):
	#14:42:57.087609 CDPv2, ttl: 180s, checksum: 692 (unverified), length 358
	# Device-ID (0x01), length: 11 bytes: 'Public_DMZ'
	# Address (0x02), length: 13 bytes: IPv4 (1) XXX.XXX.XX.X
	# Port-ID (0x03), length: 16 bytes: 'FastEthernet0/21'
	# Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch,
	#IGMP snooping
	# Version String (0x05), length: 220 bytes:
	# Cisco Internetwork Operating System Software
	# IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1,
	#RELEASE SOFTWARE (fc1)
	# Copyright (c) 1986-2002 by cisco Systems, Inc.
	# Compiled Sun 24-Nov-02 23:31 by antonino
	# Platform (0x06), length: 21 bytes: 'cisco WS-C2950G-24-EI'
	# Protocol-Hello option (0x08), length: 32 bytes:
	# VTP Management Domain (0x09), length: 0 byte: ''
	#1 packets captured
	#2 packets received by filter
	#0 packets dropped by kernel