Easily display CDP connection info

Here’s a quick one-liner to efficiently display CDP (Cisco Discovery Protocol) information on your Windows PC. I must give credit to this post.

First of all, download and install WinPcap, and download a copy of WinDump.exe here. WinDump is a standalone .exe, so no installation is necessary.

WinDump is a command-line utility, so I recommend putting it in your Windows or system32 directory so that you can run it from the command line in any working directory.

Use WinDump.exe -D to get your network connection’s identifier string.
C:\>WinDump.exe -D
1.\Device\NPF_{FD16AF8D-2700-46D5-8C2B-759B0C54991A} (Sun)
2.\Device\NPF_{39E87FB9-DB40-4476-8B05-601AB3F4CC08} (Microsoft)
3.\Device\NPF_{6588B9CB-A7E7-4998-A780-3652193EA45B} (Intel(R) PRO/1000 PL Network Connection)

Here’s the command format I use:
C:\>WinDump.exe -nn -v -i \Device\NPF_{6588B9CB-A7E7-4998-A780-3652193EA45B} -s 1500 -c 1 "ether[20:2] == 0x2000"

The command breakdown is similar to what is on the original post sample.
-nn displays output in numeric only format
-v displays verbose information
-i specifies the interface to use for the captures
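-s specifies the number of bytes to capture from each packet
-c 1 exits the program after capturing one matching packet
"ether[20:2] == 0x2000" is the capture filter: it matches packets whose bytes 20 and 21, counted from the start of the Ethernet header, hold the hex value 2000, which identifies CDP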

The output of the command above after successfully capturing a CDP packet looks like this:
15:50:59.355171 CDPv2, ttl: 180s, checksum: 692 (unverified), length 418
Device-ID (0x01), length: 11 bytes: 'Switch2'
Address (0x02), length: 13 bytes: IPv4 (1)
Port-ID (0x03), length: 19 bytes: 'GigabitEthernet1/2'
Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
Version String (0x05), length: 289 bytes:
Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(13)EW1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 18-Mar-03 07:33 by hqluong
Platform (0x06), length: 15 bytes: 'cisco WS-C4507R'
Prefixes (0x07), length: 5 bytes: IPv4 Prefixes (1):
VTP Management Domain (0x09), length: 5 bytes: 'vtpdomain'
Native VLAN ID (0x0a), length: 2 bytes: 129
Duplex (0x0b), length: 1 byte: full
AVVID trust bitmap (0x12), length: 1 byte: 0x00
AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00

This info is great; there is lots of useful data: switch name, IP, interface, switchport native VLAN, VTP domain, etc. But it is not immediately clear what’s on the other end. So here’s a little bit of help.

I put this command and others in a batch file to simplify things and to start a CDP capture from an icon. Start the batch file with the WinDump command and redirect its output into a .txt file.
WinDump.exe -nn -v -i \Device\NPF_{6588B9CB-A7E7-4998-A780-3652193EA45B} -s 1500 -c 1 "ether[20:2] == 0x2000" >RESULT.txt

Now, using the FIND command, have it search the RESULT.txt file and output the data you like, like so:
FIND /I "Device-ID" RESULT.txt
FIND /I "Port-ID (0x03)" RESULT.txt
FIND /I "Address (0x02)" RESULT.txt
FIND /I "Native VLAN ID (0x0a)" RESULT.txt

So now, just run the batch file, and when a CDP packet is captured, the output will display only the data you need, like so:
Device-ID (0x01), length: 11 bytes: 'Switch2'

Port-ID (0x03), length: 19 bytes: 'GigabitEthernet1/2'

Address (0x02), length: 13 bytes: IPv4 (1)

Native VLAN ID (0x0a), length: 2 bytes: 100

This little script saves me so much time every day, and is a great alternative to commercial software that does the same. If anyone has any ideas to help make it better, please let me know!
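
A more structured alternative to the FIND step, as an added example that is not part of the original post: a Python parser that reads the verbose WinDump text into fields keyed by TLV type and folds the multi-line Version String into one value. The sample text is constructed in the output format shown above, and the names `parse_cdp_text`, `summary` and `cdp_summary.py` are hypothetical.

```python
import re
import sys
from pathlib import Path

# Constructed sample in the format of the verbose CDP output shown above.
SAMPLE = """\
15:50:59.355171 CDPv2, ttl: 180s, checksum: 692 (unverified), length 418
Device-ID (0x01), length: 11 bytes: 'Switch2'
Address (0x02), length: 13 bytes: IPv4 (1)
Port-ID (0x03), length: 19 bytes: 'GigabitEthernet1/2'
Version String (0x05), length: 289 bytes:
Cisco Internetwork Operating System Software
Copyright (c) 1986-2003 by cisco Systems, Inc.
Platform (0x06), length: 15 bytes: 'cisco WS-C4507R'
Native VLAN ID (0x0a), length: 2 bytes: 129
Duplex (0x0b), length: 1 byte: full
"""

# One TLV line: "<name> (0x<type>), length: <n> byte(s): <value>"
TLV_RE = re.compile(
    r"^\s*(?P<name>.+?) \(0x(?P<type>[0-9a-fA-F]{2})\), length: \d+ bytes?:\s*(?P<value>.*)$")
WANTED = (0x01, 0x03, 0x02, 0x0A)  # the four fields the FIND commands select

def parse_cdp_text(text):
    """Map TLV type -> (name, value); if several packets are present, the last one wins."""
    fields, current = {}, None
    for line in text.splitlines():
        m = TLV_RE.match(line)
        if m:
            current = int(m.group("type"), 16)
            fields[current] = (m.group("name"), [m.group("value")])
        elif "CDPv" in line and "ttl:" in line:
            current = None  # packet header line, not part of any TLV
        elif current is not None and line.strip():
            fields[current][1].append(line.strip())  # continuation line
    # Join continuation lines and drop the quotes around string values.
    return {t: (n, "\n".join(v).strip().strip("'\u2018\u2019"))
            for t, (n, v) in fields.items()}

def summary(text):
    """Return only the wanted fields, skipping any the packet did not carry."""
    fields = parse_cdp_text(text)
    return {fields[t][0]: fields[t][1] for t in WANTED if t in fields}

if __name__ == "__main__":
    # Usage: python cdp_summary.py RESULT.txt (no argument: use the sample)
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE
    for name, value in summary(text).items():
        print(f"{name}: {value}")
```

Because the fields are keyed by TLV type rather than by substring, a switch name that happens to contain "Port-ID" or similar text cannot produce a false match the way a plain text search can.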
