Skip to content

Instantly share code, notes, and snippets.

@tcpdump-examples

tcpdump-examples/tcpdump-cdp.md

Last active February 15, 2021 09:40
Show Gist options
  • Save tcpdump-examples/f1f357e695c9da6bf332d95a794a48c5 to your computer and use it in GitHub Desktop.
Save tcpdump-examples/f1f357e695c9da6bf332d95a794a48c5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
tcpdump-cdp.md

How to use tcpdump to capture CDP or LLDP packet?

tcpdump -v -s 1500 -c 1 '(ether[12:2]=0x88cc or ether[20:2]=0x2000)'

How to use tcpdump to filter CDP packet?

This will often show you the uplink Cisco chassis switch info like the native vlan, port info, device name, serial name etc.

tcpdump -v -s 1500 -c 1 'ether[20:2] == 0x2000'

-s 1500 capture 1500 bytes of the packet (typical MTU size)

ether[20:2] == 0x2000 - Capture only packets that are starting at byte 20, and have a 2 byte value of hex 2000

Source: how to filter CDP LLDP packets?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment