Thursday, July 20, 2006

Windows Command Line CDP Capture Utility

Cisco Discovery Protocol (CDP) frames will give you a lot of valuable information if you can capture them: the name and management IP of the switch you're on, the port on that switch you're plugged into, and usually the native VLAN and switch platform as well. Combined with a database that maps switch ports to data jacks, you can directly locate where a computer is on your network.

The only problem is that capturing these little buggers is tough on Windows: CDPR will do it, as will Ethereal, but both require WinPcap to be installed. Luckily I found a version of TCPDump for Windows that isn't built on WinPcap (it uses MicroOLAP's own packet-capture SDK); this means the little 400k utility can capture CDP packets on a machine without installing any additional driver. You can get it from MicroOLAP here. The manual page for WinDump (the version of TCPDump that needs WinPcap) can be found over here.

The final step is getting TCPDUMP to capture a CDP packet. The command line we're using is "tcpdump -nn -v -s 1500 -c 1 ether[20:2] == 0x2000" (from another blog). CDP frames are 802.3/LLC/SNAP rather than Ethernet II, so the filter reads the two bytes at offset 20 (after the 14-byte 802.3 header, the 3-byte LLC header and the 3-byte Cisco OUI) and matches when the SNAP protocol ID is 0x2000, which is CDP; -c 1 stops after the first match, -s 1500 captures the whole frame instead of a truncated snapshot, and on a box with more than one adapter you will want -i to pick the right one. It takes up to 60 seconds (the default CDP advertisement interval, depending on switch settings), but eventually pulls down the CDP packet. The flip side is that anyone who plugs into the jack sees the same information, which is why CDP is often disabled on user-facing ports: if the capture never returns, check that before blaming the tool. I'll see if I can't wrangle up some VBS Login scripts to run it in a bit.
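To show what the capture actually contains once you have it, here is an added example (mine, not code from the post or from MicroOLAP) that builds one constructed CDP frame, applies the same test the tcpdump filter makes, and parses the CDP TLVs into the fields the post is after: switch name, switch IP, port, native VLAN. The switch name, addresses and MAC in it are made up; the frame layout, SNAP protocol ID, TLV type codes and checksum are standard CDP. Feed it the raw bytes of a real frame (for instance from a -w capture) and it does the same job.

```python
"""Added example: build a constructed CDP frame, check it the way the tcpdump filter
'ether[20:2] == 0x2000' does, and parse its TLVs. Standard library only, runs offline."""
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")   # destination MAC of every CDP frame
CISCO_OUI = bytes.fromhex("00000c")             # SNAP OUI; PID 0x2000 under it means CDP
CDP_PID = 0x2000
TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID, TLV_NATIVE_VLAN = 0x0001, 0x0002, 0x0003, 0x000A


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum as used by CDP; over a frame that already carries its checksum
    the result is 0. (Cisco treats a trailing odd byte in a non-standard way; the sample
    frame built below is even-length, so the plain algorithm is exact for it.)"""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tlv(tlv_type: int, value: bytes) -> bytes:
    """CDP TLV: 2-byte type, 2-byte length (header included), then the value."""
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp_frame(device_id: str, ipv4: str, port_id: str, native_vlan: int, src_mac: bytes) -> bytes:
    """Constructed sample, not a real capture: 802.3 header + LLC/SNAP + CDP v2 with four TLVs."""
    # Address entry: protocol type 1 (NLPID), protocol length 1, protocol 0xCC (IPv4), 2-byte length, address
    entry = bytes([1, 1, 0xCC]) + struct.pack("!H", 4) + bytes(int(o) for o in ipv4.split("."))
    addresses = struct.pack("!I", 1) + entry     # 4-byte address count, then the entries
    body = (tlv(TLV_DEVICE_ID, device_id.encode())
            + tlv(TLV_ADDRESSES, addresses)
            + tlv(TLV_PORT_ID, port_id.encode())
            + tlv(TLV_NATIVE_VLAN, struct.pack("!H", native_vlan)))
    cdp = bytes([2, 180]) + b"\x00\x00" + body   # version 2, TTL 180 s, checksum filled in next
    cdp = cdp[:2] + struct.pack("!H", ones_complement_checksum(cdp)) + cdp[4:]
    llc_snap = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", CDP_PID)
    # 802.3 frames carry a length, not an EtherType, at bytes 12-13
    return CDP_MULTICAST + src_mac + struct.pack("!H", len(llc_snap) + len(cdp)) + llc_snap + cdp


def matches_tcpdump_filter(frame: bytes) -> bool:
    """Exactly what 'ether[20:2] == 0x2000' tests: the SNAP protocol ID at frame offset 20."""
    return len(frame) >= 22 and struct.unpack_from("!H", frame, 20)[0] == CDP_PID


def parse_addresses(value: bytes) -> list:
    """Addresses TLV: 4-byte count, then per entry the layout described in build_cdp_frame."""
    count = struct.unpack_from("!I", value, 0)[0]
    off, found = 4, []
    for _ in range(count):
        ptype, plen = value[off], value[off + 1]
        proto = value[off + 2: off + 2 + plen]
        alen = struct.unpack_from("!H", value, off + 2 + plen)[0]
        addr = value[off + 4 + plen: off + 4 + plen + alen]
        off += 4 + plen + alen
        if ptype == 1 and proto == b"\xcc" and alen == 4:
            found.append(".".join(str(b) for b in addr))
        else:
            found.append(addr.hex())             # anything non-IPv4 is left as raw hex
    return found


def parse_cdp_frame(frame: bytes) -> dict:
    """Return the interesting CDP fields; raises ValueError on non-CDP or malformed input."""
    if not matches_tcpdump_filter(frame):
        raise ValueError("not a CDP frame (SNAP PID at offset 20 is not 0x2000)")
    if frame[14:17] != b"\xaa\xaa\x03" or frame[17:20] != CISCO_OUI:
        raise ValueError("PID matched but LLC/SNAP header is not Cisco SNAP")
    length = struct.unpack_from("!H", frame, 12)[0]
    cdp = frame[22:14 + length]
    version, ttl, _checksum = struct.unpack_from("!BBH", cdp, 0)
    info = {"version": version, "ttl": ttl, "source_mac": frame[6:12].hex(":"),
            "checksum_ok": ones_complement_checksum(cdp) == 0}
    off = 4
    while off + 4 <= len(cdp):
        tlv_type, tlv_len = struct.unpack_from("!HH", cdp, off)
        if tlv_len < 4 or off + tlv_len > len(cdp):
            raise ValueError("malformed TLV at CDP offset %d" % off)
        value = cdp[off + 4: off + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            info["device_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_PORT_ID:
            info["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_NATIVE_VLAN:
            info["native_vlan"] = struct.unpack("!H", value)[0]
        elif tlv_type == TLV_ADDRESSES:
            info["addresses"] = parse_addresses(value)
        off += tlv_len
    return info


# Constructed input: what a switch called sw01 might announce on port Gi1/0/12 (made-up values).
SAMPLE_FRAME = build_cdp_frame("sw01", "10.1.2.3", "GigabitEthernet1/0/12", 10,
                               bytes.fromhex("001b54aabbcc"))

if __name__ == "__main__":
    for key, value in sorted(parse_cdp_frame(SAMPLE_FRAME).items()):
        print("%-12s %s" % (key, value))
```

The checksum check is worth keeping even on a trusted LAN: a frame that matches the filter but fails it is either corrupt or something other than a switch talking, and a login script that writes the result into the port-to-jack database should not trust it.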

-Charles
