A chronological documentation test project, nothing serious, really!

13 Mar 2015 cdp by using tcpdump

If you do not have a cdp command available on your Linux server, tcpdump can be used instead.

$ sudo tcpdump -nn -v -s 1500 -c 1 'ether[20:2] == 0x2000' -i eth0

tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 1500 bytes
08:53:01.946674 CDPv2, ttl: 180s, checksum: 692 (unverified), length 254
        Device-ID (0x01), length: 37 bytes: 'switch-name'
        Address (0x02), length: 13 bytes: IPv4 (1)
        Port-ID (0x03), length: 12 bytes: 'Ethernet1/16'
        Capability (0x04), length: 4 bytes: (0x00000228): L2 Switch, IGMP snooping
        Version String (0x05), length: 66 bytes:
          Cisco Nexus Operating System (NX-OS) Software, Version 6.0(2)N2(2)
        Platform (0x06), length: 11 bytes: 'N5K-C5548UP'
        Native VLAN ID (0x0a), length: 2 bytes: 209
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        Duplex (0x0b), length: 1 byte: full
        System Name (0x14), length: 11 bytes: 'switch-name'
        System Object ID (not decoded) (0x15), length: 14 bytes:
          0x0000:  040c 1b06 0204 0103 0d02 0102 123c
        Management Addresses (0x16), length: 13 bytes: IPv4 (1)
        Physical Location (0x17), length: 8 bytes: 0x00/switch-location
1 packets captured
16 packets received by filter
0 packets dropped by kernel

It might take up to 60 seconds before you get a result from this command.

Lines of interest
Device-ID - tells us the switch name
Port-ID - the switch port you are connected to
Native VLAN ID - the port's native VLAN
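The filter 'ether[20:2] == 0x2000' works because CDP is carried in an 802.3 frame with an LLC/SNAP header: 14 bytes of Ethernet header, 3 bytes of LLC (AA AA 03), a 3-byte SNAP OUI (00 00 0C, Cisco) at bytes 17-19, and the 2-byte SNAP protocol ID at bytes 20-21, which is 0x2000 for CDP. The CDP header (version, TTL, checksum) follows at byte 22, and the TLVs tcpdump decodes above start at byte 26. The following Python script is an added example, not part of the original post: it builds a constructed CDP frame (the MACs, checksum of zero and TLV values are made up for the example), applies the same byte-20 test as the BPF expression, and walks the TLVs to pull out the three fields of interest, refusing malformed or truncated TLVs instead of looping on them.

```python
import struct

# Constructed sample values (not from a real capture).
CDP_MULTICAST = bytes.fromhex("01000ccccccc")   # well-known CDP destination MAC
SRC_MAC = bytes.fromhex("001122334455")          # made-up source MAC
CDP_SNAP_PID = 0x2000                            # what 'ether[20:2] == 0x2000' tests

TLV_DEVICE_ID = 0x01
TLV_PORT_ID = 0x03
TLV_NATIVE_VLAN = 0x0a


def build_tlv(tlv_type, value):
    """CDP TLV: 2-byte type, 2-byte length (header included), then the value."""
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp_frame(device_id, port_id, native_vlan, ttl=180):
    """Assemble an 802.3 + LLC/SNAP + CDPv2 frame with three TLVs (constructed sample)."""
    tlvs = (build_tlv(TLV_DEVICE_ID, device_id.encode())
            + build_tlv(TLV_PORT_ID, port_id.encode())
            + build_tlv(TLV_NATIVE_VLAN, struct.pack("!H", native_vlan)))
    # CDP header: version 2, TTL, checksum (left as zero in this sample)
    cdp = struct.pack("!BBH", 2, ttl, 0) + tlvs
    # LLC (AA AA 03) + SNAP OUI 00:00:0C + SNAP PID 0x2000
    llc_snap = bytes.fromhex("aaaa03") + bytes.fromhex("00000c") + struct.pack("!H", CDP_SNAP_PID)
    payload = llc_snap + cdp
    # 802.3 header: dst, src, length (not EtherType)
    eth = CDP_MULTICAST + SRC_MAC + struct.pack("!H", len(payload))
    return eth + payload


def is_cdp(frame):
    """Same check as the BPF expression: bytes 20-21 hold the SNAP PID 0x2000."""
    return len(frame) >= 22 and struct.unpack("!H", frame[20:22])[0] == CDP_SNAP_PID


def parse_cdp(frame):
    """Return the fields of interest from a CDP frame; raise on malformed TLVs."""
    if not is_cdp(frame):
        raise ValueError("not a CDP frame")
    version, ttl, _checksum = struct.unpack("!BBH", frame[22:26])
    fields = {"version": version, "ttl": ttl, "other_tlvs": {}}
    off = 26
    while off + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack("!HH", frame[off:off + 4])
        # A length below 4 would never advance; a length past the end is truncation.
        if tlv_len < 4 or off + tlv_len > len(frame):
            raise ValueError("malformed TLV at offset %d" % off)
        value = frame[off + 4:off + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            fields["device_id"] = value.decode(errors="replace")
        elif tlv_type == TLV_PORT_ID:
            fields["port_id"] = value.decode(errors="replace")
        elif tlv_type == TLV_NATIVE_VLAN and len(value) == 2:
            fields["native_vlan"] = struct.unpack("!H", value)[0]
        else:
            fields["other_tlvs"][tlv_type] = value.hex()
        off += tlv_len
    if off != len(frame):
        raise ValueError("trailing bytes after last TLV")
    return fields


if __name__ == "__main__":
    sample = build_cdp_frame("switch-name", "Ethernet1/16", 209)
    for key, val in parse_cdp(sample).items():
        print("%-12s %s" % (key, val))
```

To run it against real traffic rather than the constructed sample, read frames from a pcap written with 'tcpdump -w' and pass each raw frame to parse_cdp; the byte offsets above only hold for untagged 802.3 frames, so a frame that arrives with an 802.1Q tag shifts everything by 4 bytes and the simple filter will not match it.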


17 Sep 2008 Listen to network traffic using tcpdump

Please note that you have to be the root user to run this command, because it puts the network card into promiscuous mode.

# tcpdump -i eth0 -A -s 0 udp port 1514 and host

The command above listens on UDP port 1514, which is the port ossec-hids uses for its secure communication between server and agent.

-i Listen on interface.
-A Print each packet (minus its link level header) in ASCII.
-s Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS’s NIT, the minimum is actually 96). Setting snaplen to 0 means use the required length to catch whole packets.
udp - listen to UDP traffic
port - the port you want to listen to
host - the IP address of the host whose traffic you want to see
