CDP on Windows

matt79 Member Posts: 27
I know they have the tools like the Fluke that can read CDP information from switch ports. But what I am wondering is if there might be a product out there that would allow you to read CDP messages using a laptop with Windows (or some OS.) I am sure there are some programs out there, but the program has to be official i.e. from CISCO, Microsoft or some equivalent software developer due to the location of the equipment.
CCNA certified
Network+ certified
Security+ certified
A+ certified
CCNP in progress

Comments

  • Netwurk Member Posts: 1,155
  • tiersten Member Posts: 4,505
    What Netwurk said. Wireshark can decode CDP frames.
  • matt79 Member Posts: 27
    Netwurk wrote: »
    Try wireshark
    Thanks but the problem is that helpdesk is not that smart. They do not have any certs or anything so I wanted them to just be able to plug into a port and forward the information that popped up. While Wireshark would be neat, it also would be too complicated for them.
  • tndfr Member Posts: 110
    matt79 wrote: »
    I know they have the tools like the Fluke that can read CDP information from switch ports. But what I am wondering is if there might be a product out there that would allow you to read CDP messages using a laptop with Windows (or some OS.) I am sure there are some programs out there, but the program has to be official i.e. from CISCO, Microsoft or some equivalent software developer due to the location of the equipment.

    I have my laptop plugged in and I can see all CDP hitting my card. It depends what you want to do with it. If it is just for information then just use Wireshark; if it is to interact with the CDP protocol, however, then use a programming language (this is one of my next projects).

    I don't see how Wireshark is complicated, just filter CDP (you can do a batch file that only filters CDP at startup). It is a great learning tool.
    Working on CCNP 642-813 and finishing off MCSA.
  • tiersten Member Posts: 4,505
    There is a CDP monitor tool available but I've never used it and the company is somebody I've never heard of. If they need to be "CISCO, Microsoft or some equivalent software developer" then you're going to find it difficult.

    That said, if you can't trust the helpdesk to run Wireshark and do a filter then you're not going to want them messing around with your network ports anyway :P
  • Netwurk Member Posts: 1,155
    So what's the goal here? Maybe you're trying to disable CDP on all devices and want to make sure it is not active anywhere on your intranet.

    Could be a good goal if your network is properly documented, but CDP can be a very useful protocol. I would never turn it off in my lab, although I think all serious network gurus should know how to enable and/or disable it.

    I keep CDP active in my home lab because I do tons of documentation at work and am too lazy to document my own lab. At home, a show cdp neighbors detail command helps me understand what my latest recabling project accomplished.

    :)

    A friend of mine once had to help a hospital figure out how to keep their network going after their tech left for a better job. Luckily the old tech had kept CDP enabled on all devices and my buddy was able to keep the whole works going.

    Your results may vary

    Happy New Year TE friends!!!
  • matt79 Member Posts: 27
    Well, helpdesk does not control the port. I just need them to be able to tell me what port they need me to work on. Or copy and paste the information and let me figure out what port.
  • QHalo Member Posts: 1,488
    matt79 wrote: »
    Thanks but the problem is that helpdesk is not that smart. They do not have any certs or anything so I wanted them to just be able to plug into a port and forward the information that popped up. While Wireshark would be neat, it also would be too complicated for them.

    What's wrong with them plugging in a machine and giving you the MAC of the NIC? All I've ever needed to find a port in a switch. Either that or look at the label on the port on the floor.
  • matt79 Member Posts: 27
    QHalo wrote: »
    What's wrong with them plugging in a machine and giving you the MAC of the NIC? All I've ever needed to find a port in a switch. Either that or look at the label on the port on the floor.
    If the port is in a secure VLAN I would have to search every switch for the MAC address. We have thousands of users and hundreds of remote posts, so that would take way too long. As for the label on the port, they have been modified so much that it really does not mean anything. Just because it says Wiring closet 1 Switch Unit 2 port G0/39, it could be and is most likely wrong.
  • Daniel333 Member Posts: 2,077
    I am starting to think this is more a politics and training issue really.

    Surely you can trust your help desk people or at least one of them with an exec password? Sit down and show them some commands and diagrams. Might be a good opportunity to mentor.

    If you can't, then I wouldn't trust them even near the switches at all.

    Let us know how this works out. I am really curious.
    -Daniel
  • tndfr Member Posts: 110
    I really don't understand. If they give you the MAC address or the IP address, surely you can narrow it down to the nearest switch where you can check the MAC table...?

    Like I said before, Wireshark is not a dark art, anyone can use it:

    launch it
    start interface monitoring
    WATCH the screen!

    If you really don't trust them with this, do the following:

    Write a batch file that takes a 5 minute capture using Wireshark and puts the result in a folder where you can access it (or even emails it to you)!
    Working on CCNP 642-813 and finishing off MCSA.
  • Heero Member Posts: 486
    tndfr wrote: »
    I really don't understand. If they give you the MAC address or the IP address, surely you can narrow it down to the nearest switch where you can check the MAC table...?

    I'll play devil's advocate here. To find mac address, machine has to be on (5 min aging time on CAM table), and hunting down a mac address takes time, especially on larger networks. You can narrow it down to Layer 3 segment easily with IP. With MAC address, he could have to hunt through several switches to find the originating switch, depending on the environment.

    With CDP, you could potentially just plug a laptop into the port and have it display switch name and port.
    tndfr wrote: »
    Like I said before, Wireshark is not a dark art, anyone can use it:

    launch it
    start interface monitoring
    WATCH the screen!

    If you really don't trust them with this, do the following:

    Write a batch file that takes a 5 minute capture using Wireshark and puts the result in a folder where you can access it (or even emails it to you)!

    He could most certainly leverage Wireshark for this. I'm not sure about command line arguments you can pass when you invoke wireshark.exe, but I bet you could come up with a launcher that launches Wireshark with a filter for only CDP. Should only be CDP from one source on an access switchport, so just open first packet and see name/switchport.
  • tiersten Member Posts: 4,505
    If all you want is it to display the CDP info for port and switch name then the tool I linked to above should do it.

    If you want a project then get the winpcap library and start coding up a simple app that just displays the relevant data. It shouldn't be too difficult as pcap has a simple interface and CDP isn't a complex protocol. The advanced version would also support LLDP ;)
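
A sketch of the small display app suggested above, added here as an example and not code from any poster or tool in this thread: it parses one raw CDP frame and pulls out the switch name and port. The sample frame, device name and MAC address are constructed, and capturing the frame (for example through a pcap library) is left out.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")        # CDP destination multicast
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")   # LLC/SNAP, OUI 00:00:0c, PID 0x2000
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0006: "platform"}


def parse_cdp(frame: bytes) -> dict:
    """Extract switch name, port and platform from one raw 802.3 CDP frame."""
    if len(frame) < 26 or frame[:6] != CDP_MAC or frame[14:22] != SNAP_CDP:
        raise ValueError("not a CDP frame")
    # The 802.3 length field excludes Ethernet padding, so trust it over len().
    end = min(len(frame), 14 + struct.unpack("!H", frame[12:14])[0])
    info = {"version": frame[22], "ttl": frame[23]}  # checksum (24:26) not verified
    pos = 26
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        # TLV length counts its own 4-byte header; reject values that would
        # loop forever (< 4) or read past the frame.
        if tlv_len < 4 or pos + tlv_len > end:
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        if tlv_type in TLV_NAMES:
            value = frame[pos + 4:pos + tlv_len]
            info[TLV_NAMES[tlv_type]] = value.decode("ascii", "replace")
        pos += tlv_len
    return info


def build_sample_frame() -> bytes:
    """Constructed test frame; names, MAC and zero checksum are made up."""
    def tlv(tlv_type: int, value: bytes) -> bytes:
        return struct.pack("!HH", tlv_type, len(value) + 4) + value

    cdp = (bytes([2, 180]) + b"\x00\x00"
           + tlv(0x0001, b"wc1-sw2.example.net")
           + tlv(0x0003, b"GigabitEthernet0/39")
           + tlv(0x0006, b"lab-switch"))
    body = SNAP_CDP + cdp
    src = bytes.fromhex("020000000001")
    return CDP_MAC + src + struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    result = parse_cdp(build_sample_frame())
    print(f"{result['device_id']}  {result['port_id']}  (hold time {result['ttl']}s)")
```
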
  • Heero Member Posts: 486
    tiersten wrote: »
    If all you want is it to display the CDP info for port and switch name then the tool I linked to above should do it.

    If you want a project then get the winpcap library and start coding up a simple app that just displays the relevant data. It shouldn't be too difficult as pcap has a simple interface and CDP isn't a complex protocol. The advanced version would also support LLDP ;)

    I checked it out, the grammar on the website is bad, which makes it look kinda bad. Not that I would care, but if he needs "official" software due to security/management requirements, wireshark with the proper filter may be a better choice. Honestly though, I might just write my own program to display the info. Doesn't seem too hard.

    OP, there have been several options presented here. Pick what you want and roll with it.
  • matt79 Member Posts: 27
    Heero wrote: »

    OP, there have been several options presented here. Pick what you want and roll with it.
    Yeah I think that is what I am gonna have to do. The problem with using ARP/MAC address is the secure VLAN is local only to the switch for security reasons. So searching every switch's MAC database would take hours. I might just tell help desk that they need to send some of their staff to me for some mandatory Wireshark training. That should be fun.