Wireshark & CDP


Now here’s a useful thing for those people who need to deal with Cisco hardware on a regular basis: did you know Wireshark understands CDP? I’ve found this very useful…

An example of when I’ve used it: we were moving a bunch of users in the office with static IP addresses. We obviously knew where each user was sitting, but without cable tracing we didn’t know which (Cisco) switch port they were connected to. However, if I plug into their LAN port and fire up Wireshark, I can see the CDP traffic. Directly from Wireshark I got the following info:

Device ID: GLA_3524:01(V)
Port ID: FastEthernet0/17
Platform: cisco WS-C3550-24-PWR
IP address…

Obviously I’m not telling you the IP address, but I got this as well. So with this information I could tell which switch and port the user was connected to. Really useful, for me anyway!

So how did I do it???

1. Fire up Wireshark on your laptop
2. Plug in the LAN cable where you want to monitor
3. Start Wireshark to capture the interface you’re connected to
4. Wait about 30 secs then stop the capture
5. Sort by Protocol in the trace window; scrolling up/down you should see CDP, assuming you’re connected to a Cisco switch (picture to be included…)
6. Click on the last CDP message and you should find a bunch of useful info in the decode window
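
The fields Wireshark shows in step 6 are type-length-value records carried inside the CDP frame. As an added example (not part of the original post), this Python parser decodes them from a constructed frame; the source MAC and the 192.0.2.10 address are made-up sample values. It assumes an untagged 802.3/SNAP frame and does not verify the CDP checksum.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")       # CDP multicast destination MAC
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP header: Cisco OUI, PID 0x2000
TEXT_TLVS = {0x0001: "Device ID", 0x0003: "Port ID", 0x0006: "Platform"}

def ipv4_addresses(value):
    """Decode an Addresses TLV (type 0x0002), keeping IPv4 entries (NLPID 0xCC)."""
    found, pos = [], 4
    count = struct.unpack_from("!I", value)[0] if len(value) >= 4 else 0
    for _ in range(count):
        if pos + 2 > len(value):
            break
        ptype, plen = value[pos], value[pos + 1]
        proto = value[pos + 2:pos + 2 + plen]
        pos += 2 + plen
        if pos + 2 > len(value):
            break
        alen = struct.unpack_from("!H", value, pos)[0]
        addr = value[pos + 2:pos + 2 + alen]
        pos += 2 + alen
        if ptype == 1 and proto == b"\xcc" and len(addr) == 4:
            found.append(".".join(map(str, addr)))
    return found

def parse_cdp(frame):
    """Return the CDP fields of one 802.3 frame, or {} if the frame is not CDP."""
    if len(frame) < 26 or frame[:6] != CDP_MAC or frame[14:22] != SNAP_CDP:
        return {}
    info, pos = {"Version": frame[22], "TTL": frame[23]}, 26  # skip 2-byte checksum
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        if tlv_len < 4 or pos + tlv_len > len(frame):
            break  # malformed or truncated TLV: stop rather than misread
        value = frame[pos + 4:pos + tlv_len]
        if tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == 0x0002:
            info["IP address"] = ipv4_addresses(value)
        pos += tlv_len
    return info

def sample_frame():
    """Constructed frame: page's Device/Port/Platform values, documentation-range IP."""
    tlv = lambda t, v: struct.pack("!HH", t, len(v) + 4) + v
    addr = struct.pack("!IBB", 1, 1, 1) + b"\xcc" + struct.pack("!H", 4) + bytes([192, 0, 2, 10])
    body = bytes([2, 180, 0, 0]) + tlv(1, b"GLA_3524:01(V)") + tlv(2, addr)
    body += tlv(3, b"FastEthernet0/17") + tlv(6, b"cisco WS-C3550-24-PWR")
    payload = SNAP_CDP + body
    return CDP_MAC + bytes.fromhex("020000000001") + struct.pack("!H", len(payload)) + payload
```

Calling `parse_cdp(sample_frame())` returns a dictionary with the same Device ID, Port ID and Platform values listed above, plus the sample address.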

Using Wireshark to read CDP
