UPDATE: Check out and download my CDP client for Windows over on GitHub
Let's face it. We have all been there; "where does this network cable / uplink / port go?"
Until now, it has been a matter of looking up cable numbers in databases, fiddling about in the back of server and network racks or worst case - sending the smallest guy down to play hunchback in the windy air conditioned gloom under the floor.
There must be a better way to tell where a network cable goes to without having to go to all that trouble every time...
Well there is. It's called Cisco Discovery Protocol (CDP). From Wikipedia:
The Cisco Discovery Protocol (CDP) is a proprietary Data Link Layer network protocol developed by Cisco Systems that is implemented in most Cisco networking equipment and is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address.
In other words, CDP packets will give you a lot of valuable information if you can capture them. They will give you all the details of the Cisco switch you're on and the port on that switch you're connected to. Of course as CDP is proprietary, you typically won't find it anywhere else other than on Cisco networking kit.
However, VMware knew all about this "trace the cable game" when they were putting together ESX and ESXi v3.5. VMware's solution was to build in support for CDP on all physical network interfaces of the ESX Hypervisor:
VMware CDP in action
Well, this was a revelation! For the first time us server techies can check up on the network techies. Not only could we tell instantly where a network cable was plugged in, we could tell them if it was in the wrong place too! [bwah ha haaa - rubs hands in a maniacal way!]
Of course this is OK for VMware Hypervisors and Linux based servers / desktops but what about Windows servers / desktops?
Capturing CDP is tough in Windows: CDPR will do it, as will Wireshark, but both require WinPcap to be installed. This isn't really practical as potentially I want to find CDP data without installing any additional software or rebooting the host (WinPcap requires a reboot).
The Solution - TCPDump
I've found a version of TCPDump for Windows that was built on the WinPcap SDK; this means this little 500k utility can capture CDP packets on a machine without any additional tools. What's more, as it's shipped as a single command line .exe file, it's portable, meaning it can be run from a USB stick, a batch file, etc.
You can get this updated version of TCPDump from MicroOLAP
Using TCPDump
Quite simple, but don't be put off by the plethora of switches.
Firstly you need to find the interface number of the network adaptor you are trying to find CDP data for. Use this command:
tcpdump -D
This will provide you information similar to this:
TCPDump Listing Interfaces
I'm interested in capturing data from my HP NC7782 Gigabit Adaptor; interface 2.
So let's run the command and capture some CDP data! Here is the command:
tcpdump -i 2 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000
Breaking this down:
- -i 2 = interface 2
- -nn = not resolving dns or port numbers
- -v = verbose mode
- -s 1500 = snagging up to 1500 bytes of the CDP packet
- -c 1 = capture one packet before exiting
- ether[20:2] == 0x2000 = checking bytes 20 and 21 from the start of the ethernet header for a value of 2000 (hex)
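Bytes 20 and 21 are where the SNAP protocol ID sits: 14 bytes of Ethernet header, 3 bytes of LLC and 3 bytes of OUI come first, and 0x2000 is the ID for CDP. As an added example (not part of the original post or of tcpdump), this Python code applies the same byte test to a raw frame and then walks the CDP TLVs to pull out the switch name and port; the sample frame and its device, port and platform values are constructed for illustration.

```python
import struct

# CDP TLV type codes for the fields of interest when tracing a cable.
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id",
             0x0005: "software", 0x0006: "platform"}

def is_cdp(frame: bytes) -> bool:
    """Same test as the capture filter ether[20:2] == 0x2000."""
    return len(frame) >= 22 and frame[20:22] == b"\x20\x00"

def parse_cdp(frame: bytes) -> dict:
    """Return selected CDP fields from a raw 802.3/LLC/SNAP frame."""
    if not is_cdp(frame):
        raise ValueError("not a CDP frame")
    if len(frame) < 26:
        raise ValueError("truncated CDP header")
    # Byte 22 = CDP version, byte 23 = TTL, bytes 24-25 = checksum.
    info = {"version": frame[22], "ttl": frame[23]}
    pos = 26
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        # The length includes the 4-byte TLV header; stop on malformed values
        # instead of looping forever or reading past the end of the frame.
        if tlv_len < 4 or pos + tlv_len > len(frame):
            break
        name = TLV_NAMES.get(tlv_type)
        if name:
            info[name] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len
    return info

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV (helper used only to build the sample frame)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample() -> bytes:
    """Constructed sample frame; all names and values are made up."""
    payload = (b"\x02\xb4\x00\x00"  # version 2, TTL 180, checksum left zero
               + tlv(1, b"sw-core-01.example")
               + tlv(3, b"GigabitEthernet1/0/12")
               + tlv(6, b"example platform"))
    snap = b"\xaa\xaa\x03\x00\x00\x0c\x20\x00"  # LLC + OUI + protocol ID
    eth = bytes.fromhex("01000ccccccc") + bytes.fromhex("001122334455")
    eth += struct.pack("!H", len(snap) + len(payload))
    return eth + snap + payload

if __name__ == "__main__":
    print(parse_cdp(build_sample()))
```

The software version TLV (type 0x0005) is parsed too when present, which is worth remembering: anything plugged into a CDP-enabled port receives these details.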
Here is what output looks like:
CDP Data in Windows!
Excellent.
Oh and by the way, tell the apprentice he can come out from under the computer room floor now, we know where these cables go.
*** UPDATE: 4 May 2010 ***
Here is the batch file I use to list adaptors, prompt for adaptor number and then run tcpdump on that adaptor:
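@echo off
rem List the capture interfaces and their numbers
tcpdump -D
echo.
echo.
echo.
rem Ask which interface number to listen on
Set /P adaptor=Please Enter Adaptor Number to Listen on:
rem Capture one CDP frame (SNAP protocol ID 0x2000) on that interface
tcpdump -i %adaptor% -nn -v -s 1500 -c 1 ether[20:2] == 0x2000
pause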
- Chris