CDP Pakete abfangen:
tcpdump -i eth1 -s 1500 -v 'ether[20:2] == 0x2000'
LLDP Pakete abfangen:
tcpdump -i eth1 -s 1500 -v 'ether proto 0x88cc'
Beispiel: LLDP und Pakete
herbert@mg-it-mon:~# tcpdump -i eth1 -v -s 1500 '(ether[12:2]=0x88cc or ether[20:2]=0x2000)' tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 1500 bytes 16:42:04.836785 LLDP, length 78 Chassis ID TLV (1), length 6 Subtype Network address (5): AFI IPv4 (1): 172.16.42.100 Port ID TLV (2), length 7 Subtype MAC address (3): 00:1a:e8:51:a8:26 (oui Unknown) Time to Live TLV (3), length 2: TTL 120s System Capabilities TLV (7), length 4 System Capabilities [Bridge, Telephone] (0x0024) Enabled Capabilities [Telephone] (0x0020) Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f) MAC/PHY configuration/status Subtype (1) autonegotiation [supported, enabled] (0x03) PMD autoneg capability [10BASE-T hdx, 10BASE-T fdx, 100BASE-TX hdx, 100BASE-TX fdx] (0x6c00) MAU type 100BASETX fdx (0x0010) Organization specific TLV (127), length 7: OUI ANSI/TIA (0x0012bb) LLDP-MED Capabilities Subtype (1) Media capabilities [LLDP-MED capabilities, network policy, extended power via MDI-PD] (0x0013) Device type [endpoint class 3] (0x03) Organization specific TLV (127), length 8: OUI ANSI/TIA (0x0012bb) Network policy Subtype (2) Application type [voice] (0x01), Flags [Tagged] Vlan id 901, L2 priority 5, DSCP value 46 Organization specific TLV (127), length 8: OUI ANSI/TIA (0x0012bb) Network policy Subtype (2) Application type [voice signaling] (0x02), Flags [Tagged] Vlan id 901, L2 priority 3, DSCP value 26 Organization specific TLV (127), length 7: OUI ANSI/TIA (0x0012bb) Extended power-via-MDI Subtype (4) Power type [PD device], Power source [none] Power priority [critical] (0x01), Power 4.4 Watts End TLV (0), length 0 16:42:07.338619 CDPv2, ttl: 180s, checksum: 692 (unverified), length 464 Device-ID (0x01), length: 19 bytes: 'switch-01.mg-it.net' Version String (0x05), length: 248 bytes: Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Thu 21-Jul-11 02:22 by prod_rel_team Platform (0x06), length: 23 bytes: 'cisco WS-C2960S-48FPS-L' Address (0x02), length: 13 bytes: IPv4 (1) 172.16.24.10 Port-ID (0x03), length: 21 bytes: 'GigabitEthernet2/0/40' Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch, IGMP snooping Protocol-Hello option (0x08), length: 32 bytes: VTP Management Domain (0x09), length: 7 bytes: 'mgitdom02' Native VLAN ID (0x0a), length: 2 bytes: 16 Duplex (0x0b), length: 1 byte: full ATA-186 VoIP VLAN request (0x0e), length: 3 bytes: app 1, vlan 42 AVVID trust bitmap (0x12), length: 1 byte: 0x00 AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00 Management Addresses (0x16), length: 13 bytes: IPv4 (1) 172.16.24.10 unknown field type (0x1a), length: 12 bytes: 0x0000: 0000 0001 0000 1b58 ffff ffff 16:42:20.305995 LLDP, length 523 Chassis ID TLV (1), length 7 Subtype MAC address (4): cc:d5:39:33:46:00 (oui Unknown) Port ID TLV (2), length 9 Subtype Interface Name (5): Gi2/0/40 Time to Live TLV (3), length 2: TTL 120s System Name TLV (5), length 19: switch-01.mg-it.net System Description TLV (6), length 248 Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)\0x0aTechnical Support: http://www.cisco.com/techsupport\0x0aCopyright (c) 1986-2011 by Cisco Systems, Inc.\0x0aCompiled Thu 21-Jul-11 02:22 by prod_rel_team Port Description TLV (4), length 21: GigabitEthernet2/0/40 System Capabilities TLV (7), length 4 System Capabilities [Bridge, Router] (0x0014) Enabled Capabilities [Bridge] (0x0004) Management Address TLV (8), length 12 Management Address length 5, AFI IPv4 (1): 172.42.24.10 System Port Number Interface Numbering (3): 0 Organization specific TLV (127), length 7: OUI ANSI/TIA (0x0012bb) LLDP-MED Capabilities Subtype (1) Media capabilities [LLDP-MED capabilities, network policy, location identification, extended power via MDI-PSE, Inventory] (0x002f) Device type [network connectivity] (0x04) Organization specific TLV (127), length 34: OUI ANSI/TIA (0x0012bb) Inventory - hardware revision Subtype (5) Hardware revision WS-C2960S-48FPS-L (PowerPC):E0 Organization specific TLV (127), length 15: OUI ANSI/TIA (0x0012bb) Inventory - software revision Subtype (7) Software revision 12.2(58)SE2 Organization specific TLV (127), length 23: OUI ANSI/TIA (0x0012bb) Inventory - manufacturer name Subtype (9) Manufacturer name Cisco Systems, Inc. Organization specific TLV (127), length 21: OUI ANSI/TIA (0x0012bb) Inventory - model name Subtype (10) Model name WS-C2960S-48FPS-L Organization specific TLV (127), length 8: OUI ANSI/TIA (0x0012bb) Network policy Subtype (2) Application type [voice] (0x01), Flags [Tagged] Vlan id 901, L2 priority 5, DSCP value 46 Organization specific TLV (127), length 8: OUI ANSI/TIA (0x0012bb) Network policy Subtype (2) Application type [voice signaling] (0x02), Flags [reserved] Vlan id 0, L2 priority 0, DSCP value 0 Organization specific TLV (127), length 7: OUI ANSI/TIA (0x0012bb) Extended power-via-MDI Subtype (4) Power type [PD device], Power source [PSE - primary power source] Power priority [low] (0x03), Power 4.4 Watts Organization specific TLV (127), length 9: OUI ANSI/TIA (0x0012bb) Location identification Subtype (3) Location data format civic address LCI (0x02) Organization specific TLV (127), length 6: OUI Ethernet bridged (0x0080c2) Port VLAN Id Subtype (1) port vlan id (PVID): 16 Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f) MAC/PHY configuration/status Subtype (1) autonegotiation [supported, enabled] (0x03) PMD autoneg capability [10BASE-T hdx, 10BASE-T fdx, 100BASE-TX hdx, 100BASE-TX fdx, 1000BASE-T fdx] (0x6c01) MAU type 100BASETX fdx (0x0010) Organization specific TLV (127), length 12: OUI IEEE 802.3 Private (0x00120f) Power via MDI Subtype (2) MDI power support [PSE], power pair signal, power class class2 End TLV (0), length 0 16:42:34.846208 LLDP, length 78 Chassis ID TLV (1), length 6 Subtype Network address (5): AFI IPv4 (1): 172.16.42.100 Port ID TLV (2), length 7 Subtype MAC address (3): 00:1a:e8:51:a8:26 (oui Unknown) Time to Live TLV (3), length 2: TTL 120s System Capabilities TLV (7), length 4 System Capabilities [Bridge, Telephone] (0x0024) Enabled Capabilities [Telephone] (0x0020) Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f) MAC/PHY configuration/status Subtype (1) autonegotiation [supported, enabled] (0x03) PMD autoneg capability [10BASE-T hdx, 10BASE-T fdx, 100BASE-TX hdx, 100BASE-TX fdx] (0x6c00) MAU type 100BASETX fdx (0x0010) Organization specific TLV (127), length 7: OUI ANSI/TIA (0x0012bb) LLDP-MED Capabilities Subtype (1) Media capabilities [LLDP-MED capabilities, network policy, extended power via MDI-PD] (0x0013) Device type [endpoint class 3] (0x03) Organization specific TLV (127), length 8: OUI ANSI/TIA (0x0012bb) Network policy Subtype (2) Application type [voice] (0x01), Flags [Tagged] Vlan id 901, L2 priority 5, DSCP value 46 Organization specific TLV (127), length 8: OUI ANSI/TIA (0x0012bb) Network policy Subtype (2) Application type [voice signaling] (0x02), Flags [Tagged] Vlan id 901, L2 priority 3, DSCP value 26 Organization specific TLV (127), length 7: OUI ANSI/TIA (0x0012bb) Extended power-via-MDI Subtype (4) Power type [PD device], Power source [none] Power priority [critical] (0x01), Power 4.4 Watts End TLV (0), length 0 4 packets captured 4 packets received by filter 0 packets dropped by kernel herbert@mg-it-mon:~#