Wednesday, March 9, 2016

Packet Capture: CDP And What It Can Tell You

Information is a good thing, especially if you don't have it.  So what do you do when you don't have information?  You get it.
A CDP (Cisco Discovery Protocol) packet carries some really good information about the network if you need to gather it. See below.  I have only concentrated on gathering the core IP address, its software version, and its platform.  There is more information, but for today's post, we don't care about it.  I really just want you to see what you can gain if you don't have access to the network devices, but can gain sniffing capability.
Generically, here are the fields you can expect to see.

And to get specific info you may want, dive deeper.

As you can see above, I captured the software version of the core, its platform, and its IP address.  Nice!  Wireshark is a great tool to utilize.
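To show where those fields sit in the frame, here is an added example (not code from the original post) that walks the CDP TLVs of a captured frame and pulls out the device ID, IPv4 address, software version and platform. The sample frame is constructed inline with invented values, and the function names are hypothetical.

```python
import socket
import struct

STRING_TLVS = {0x0001: "device_id", 0x0005: "software", 0x0006: "platform"}
TLV_ADDRESSES = 0x0002  # CDP TLV type carrying the device's addresses

def tlv(tlv_type, value):  # length field counts the 4-byte type/length header
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample_frame():
    """Constructed sample frame; every value here is invented for the example."""
    addr = struct.pack("!IBBBH", 1, 1, 1, 0xCC, 4) + socket.inet_aton("192.0.2.1")
    cdp = (b"\x02\xb4\x00\x00" + tlv(0x0001, b"core-sw.example")  # v2, TTL 180, checksum 0
           + tlv(TLV_ADDRESSES, addr) + tlv(0x0006, b"example-platform")
           + tlv(0x0005, b"Example OS, Version 0.0 (constructed)"))
    payload = b"\xaa\xaa\x03\x00\x00\x0c\x20\x00" + cdp  # LLC + SNAP, PID 0x2000
    return bytes.fromhex("01000ccccccc020000000001") + struct.pack("!H", len(payload)) + payload

def parse_addresses(value):
    """Return the IPv4 addresses in an Addresses TLV, ignoring other protocols."""
    found, off = [], 4  # skip the 4-byte address count, walk until data runs out
    while off + 2 <= len(value):
        ptype, plen = value[off], value[off + 1]
        proto = value[off + 2:off + 2 + plen]
        off += 2 + plen
        alen = int.from_bytes(value[off:off + 2], "big")
        addr = value[off + 2:off + 2 + alen]
        off += 2 + alen
        if (ptype, proto) == (1, b"\xcc") and len(addr) == 4:  # NLPID 0xCC = IPv4
            found.append(socket.inet_ntoa(addr))
    return found

def parse_cdp(frame):
    """Extract device ID, IPv4 addresses, software version and platform."""
    # SNAP protocol ID 0x2000 at byte offset 20 identifies CDP (ether[20:2]=0x2000).
    if len(frame) < 26 or frame[20:22] != b"\x20\x00":
        raise ValueError("not a CDP frame")
    info, pos = {"addresses": []}, 26  # 14 Ethernet + 8 LLC/SNAP + 4 CDP header
    while pos + 4 <= len(frame):
        tlv_type, length = struct.unpack_from("!HH", frame, pos)
        if length < 4 or pos + length > len(frame):
            break  # malformed or truncated TLV: stop instead of reading past the end
        value = frame[pos + 4:pos + length]
        if tlv_type in STRING_TLVS:
            info[STRING_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == TLV_ADDRESSES:
            info["addresses"] += parse_addresses(value)
        pos += length
    return info
```

Calling `parse_cdp(build_sample_frame())` returns a dictionary with the four fields; a frame cut short mid-TLV yields only the TLVs that arrived whole.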

1 comment:

  1. Good for linux/unix servers:

    tcpdump -nn -v -i <interface> -s 1500 -c 1 '(ether[12:2]=0x88cc or ether[20:2]=0x2000)'

