Finding Cisco connected port from Microsoft Windows PC

While working on a solution to see which switch port a workstation is connected to, I stumbled upon a tool that is well known in the Unix arena: tcpdump, a powerful command-line packet analyzer, and libpcap, a portable C/C++ library for network traffic capture. We'll find out which Cisco device port we are connected to by sniffing for the Cisco CDP (Cisco Discovery Protocol) packet.

* This will ONLY work IF Cisco CDP (Cisco Discovery Protocol) is enabled

Grab a copy of tcpdump for Windows from MicroOLAP Technologies LTD [LINK]

tcpdump is a command-line packet analyser, so the first thing is to find out which interfaces we can sniff on

# tcpdump.exe -D

Results

1.\Device\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
2.\Device\{51F48243-7638-4D19-A5D6-D6E4B2430CE3} (Intel(R) WiFi Link 5300 AGN)
3.\Device\{64BF6540-245E-4603-80AC-4BFB78FF96EA} (Intel(R) 82567LM Gigabit Network Connection)
4.\Device\{3461BC46-0503-45BC-861C-1F2537B1848F} (Microsoft Loopback Adapter)
5.\Device\{9383DFAF-7DA7-471C-BA33-D895A468E89C} (VirtualBox Host-Only Ethernet Adapter)

* I am using #4 because I tested it using GNS3 via Microsoft Loopback Adapter

Then start tcpdump listening on interface #4 and look for the Cisco CDP packet

# tcpdump -i 4 -nn -v -s 1500 -c 1 "ether[20:2] == 0x2000"

Upon detecting the Cisco CDP packet, tcpdump stops and you’ll get the following

tcpdump: listening on \Device\{3461BC46-0503-45BC-861C-1F2537B1848F}
16:20:44.974314 CDPv2, ttl: 180s, checksum: 692 (unverified), length 334
Device-ID (0x01), length: 6 bytes: 'Router'
Version String (0x05), length: 249 bytes:
Cisco IOS Software, 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.4(15)T13, RELEASE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 07-Apr-10 11:05 by prod_rel_team
Platform (0x06), length: 10 bytes: 'Cisco 2691'
Address (0x02), length: 13 bytes: IPv4 (1) 10.0.1.20
Port-ID (0x03), length: 15 bytes: 'FastEthernet0/0'
Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
VTP Management Domain (0x09), length: 0 byte: ''
1 packets captured
4 packets received by filter
0 packets dropped by kernel
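
Why the filter tests offset 20, and how the fields tcpdump prints are laid out, as an added example that is not part of the original post: in an 802.3 frame with an LLC/SNAP header, bytes 20-21 hold the SNAP protocol ID (0x2000 for CDP), followed by a 4-byte CDP header and a run of type/length/value fields. The sample frame is constructed from the values in the output above (the source MAC is made up), and the checksum is not verified.

```python
import struct

CDP_PID_OFFSET = 20   # same offset the tcpdump filter ether[20:2] tests
CDP_PID = 0x2000      # SNAP protocol ID used by CDP
TEXT_TLVS = {0x0001: "Device-ID", 0x0003: "Port-ID", 0x0006: "Platform"}


def parse_cdp(frame: bytes) -> dict:
    """Return version, ttl and the text TLVs of a CDP frame; raise ValueError otherwise."""
    if len(frame) < 26:
        raise ValueError("frame too short for CDP")
    (pid,) = struct.unpack_from("!H", frame, CDP_PID_OFFSET)
    if pid != CDP_PID:
        raise ValueError("not CDP: SNAP protocol ID is 0x%04x" % pid)
    # CDP header: version (1 byte), TTL in seconds (1 byte), checksum (2 bytes).
    version, ttl, _checksum = struct.unpack_from("!BBH", frame, 22)
    info = {"version": version, "ttl": ttl}
    pos = 26
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        # Length covers the 4-byte TLV header; reject values that would loop or overrun.
        if tlv_len < 4 or pos + tlv_len > len(frame):
            raise ValueError("malformed TLV at offset %d" % pos)
        if tlv_type in TEXT_TLVS:
            value = frame[pos + 4:pos + tlv_len]
            info[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        pos += tlv_len
    return info


def build_sample_frame() -> bytes:
    """Constructed sample frame (not a real capture) using values from the output above."""
    def tlv(tlv_type, value):
        return struct.pack("!HH", tlv_type, len(value) + 4) + value
    cdp = struct.pack("!BBH", 2, 180, 0)  # version 2, ttl 180s, checksum left at 0
    cdp += tlv(0x0001, b"Router") + tlv(0x0006, b"Cisco 2691")
    cdp += tlv(0x0003, b"FastEthernet0/0")
    llc_snap = bytes.fromhex("aaaa03" "00000c" "2000")  # LLC, Cisco OUI, CDP PID
    # CDP multicast destination, made-up locally administered source MAC.
    macs = bytes.fromhex("01000ccccccc" "020000000001")
    return macs + struct.pack("!H", len(llc_snap) + len(cdp)) + llc_snap + cdp


if __name__ == "__main__":
    print(parse_cdp(build_sample_frame()))
```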
