  • Using tcpdump to identify the switch a server is connected to

    Displaying CDP info via tcpdump or snoop

    Cisco Discovery Protocol (CDP) is a management protocol that Cisco uses to communicate a great deal of information about a network connection. The protocol tells you which switch and port you are connected to. If you are trying to debug connectivity issues, such as a system being connected to the wrong VLAN or with the wrong duplex, this can help. If you are connected at the wrong speed, your system typically will not give you a valid link status, so a bad speed setting will probably prevent you from getting any data from the interface. There are CDP analysis programs for Windows that network people can use to display CDP packets for a port; however, this generally requires someone to hook the PC up to the port in question.
    
    In AIX 5.3, the tcpdump program can format CDP packets for you. It is as simple as specifying verbose output and telling the system which packets to display. If you are using Solaris, you can use snoop to find the CDP packets, but it does not format the data nicely. I have a script, cdpinfo, that will grab the data using either tcpdump or snoop and format select information from the packet.
    
    Command:
    # tcpdump -nn -vvv -i en0 -s 1500 -c 1 'ether[20:2] == 0x2000'
    
    Options explained.
    -nn don't do DNS or port number lookups
    
    -vvv very verbose output
    
    -i en0 specifies the interface to use
    
    -s 1500 capture 1500 bytes of the packet (typical MTU size)
    
    -c 1 capture one packet and exit
    
    'ether[20:2] == 0x2000'  capture only packets that have a 2-byte value of hex 2000 starting at byte 20.
    
    Output:
    tcpdump: listening on en0, link-type 1, capture size 1500 bytes
    10:41:55.398940 snap 0:0:c:20:0 CDP v2, ttl: 180s, checksum: 692 (unverified)
            Device-ID (0x01), length: 25 bytes: 'MYSWITCH01.net.somecompany.com' # hostname
            Version String (0x05), length: 293 bytes:
              Cisco Internetwork Operating System Software
              IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF4, RELEASE SOFTWARE (fc1) # ios version
              Technical Support: http://www.cisco.com/techsupport
              Copyright (c) 1986-2006 by cisco Systems, Inc.
              Compiled Thu 23-Mar-06 19:38 by tinhuang
            Platform (0x06), length: 14 bytes: 'cisco WS-C6513'       # switch model
            Address (0x02), length: 13 bytes: IPv4 (1) 192.168.0.50   # switch ip
            Port-ID (0x03), length: 20 bytes: 'GigabitEthernet13/26'  # connection port
            Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
            VTP Management Domain (0x09), length: 7 bytes: 'mwv-vtp'
            Native VLAN ID (0x0a), length: 2 bytes: 2033              # vlan ID 
            Duplex (0x0b), length: 1 byte: full
            AVVID trust bitmap (0x12), length: 1 byte: 0x00
            AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
    18 packets received by filter
    0 packets dropped by kernel
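
An added example (not the author's cdpinfo script and not code from the original page): a small Python parser that shows why the capture filter tests offset 20 and how the TLVs in the output above are laid out. The frame is constructed from the sample values in that output; the function names and the source MAC address are assumptions.

```python
import struct

# TLV type codes and names as tcpdump labels them in the output above.
TLV_NAMES = {0x01: "Device-ID", 0x03: "Port-ID", 0x06: "Platform",
             0x0a: "Native VLAN ID", 0x0b: "Duplex"}

def tlv(t, value):
    """Encode one CDP TLV; the length field counts its own 4-byte header."""
    return struct.pack("!HH", t, len(value) + 4) + value

def build_sample_frame():
    """Constructed frame (not a real capture) using values from the output above."""
    cdp = bytes([2, 180]) + b"\x00\x00"        # version 2, ttl 180s, checksum left 0
    cdp += tlv(0x01, b"MYSWITCH01.net.somecompany.com")
    cdp += tlv(0x06, b"cisco WS-C6513")
    cdp += tlv(0x03, b"GigabitEthernet13/26")
    cdp += tlv(0x0a, struct.pack("!H", 2033))
    cdp += tlv(0x0b, b"\x01")
    llc_snap = bytes.fromhex("aaaa03" "00000c" "2000")  # LLC, Cisco OUI, CDP protocol id
    macs = bytes.fromhex("01000ccccccc" "020000000001")  # CDP multicast dst, constructed src
    payload = llc_snap + cdp
    return macs + struct.pack("!H", len(payload)) + payload

def parse_cdp(frame):
    """Return selected CDP fields as a dict; raise ValueError on bad input."""
    # Same test as the capture filter: the 2 bytes at offset 20 must be 0x2000.
    if len(frame) < 26 or frame[20:22] != b"\x20\x00":
        raise ValueError("not a CDP frame")
    # Bound parsing by the 802.3 length field so Ethernet padding is ignored.
    end = min(len(frame), 14 + struct.unpack_from("!H", frame, 12)[0])
    info = {"version": frame[22], "ttl": frame[23]}
    pos = 26                                   # 22 + version, ttl, 2-byte checksum
    while pos + 4 <= end:
        t, length = struct.unpack_from("!HH", frame, pos)
        if length < 4 or pos + length > end:
            raise ValueError("truncated or malformed TLV at offset %d" % pos)
        value = frame[pos + 4:pos + length]
        name = TLV_NAMES.get(t)
        if name == "Native VLAN ID":
            info[name] = struct.unpack("!H", value)[0] if len(value) == 2 else None
        elif name == "Duplex":
            info[name] = "full" if value == b"\x01" else "half"
        elif name:
            info[name] = value.decode("ascii", "replace")
        pos += length
    return info

if __name__ == "__main__":
    for key, val in parse_cdp(build_sample_frame()).items():
        print("%-15s %s" % (key, val))
```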
    

    LLDP (link layer discovery protocol)

    The standards-based version of CDP is LLDP (Link Layer Discovery Protocol). Some vendors will have this on by default and others off, so your mileage will vary. There are some LLDP implementations for Linux, but if you want something similar to the above you can use this (I set up LLDP on a Cisco switch and tested the command below, which is more consistent with the above):
    
    # tcpdump -nn -v -i em1 -s 1500 -c 1 'ether proto 0x88cc'
    
    # tcpdump -i eth0 arp
    

    Enabling LLDP on Force10
    force10(conf)# protocol lldp
    force10(conf-lldp)# no disable

    force10# show lldp statistics
    --------- LLDP GLOBAL STATISTICS ON CHASSIS ------------
    Total number of neighbors: 0
    Last table change time: 4w5d18h, In ticks: 145901708
    Total number of Table Inserts: 0
    Total number of Table Deletes: 0
    Total number of Table Drops: 0
    Total number of Table Age Outs: 0

  • Original article: https://www.cnblogs.com/liujitao79/p/4236544.html