Quite useful for when you need to confirm the port but don't fancy a trip to the datacenter.
tcpdump -c1 -s0 -XX 'ether[20:2]=0x2000'

The tcpdump flags are:

-c count, capture 1 packet
-s snaplen, 0 captures the whole packet instead of truncating it
-XX hex and ASCII packet data, including header
ether[20:2]=0x2000 bytes 20 to 21 of the Ethernet header, value of 0x2000 for CDP

My Linux tcpdump version was 'ported' from the equivalent Solaris snoop command.

Sample output follows, showing that we're patched into FastEthernet2/0/11 on a 24-port Cisco Catalyst 3750 running IOS 12.2:

[root@canard ~]# tcpdump -c1 -s0 -XX 'ether[20:2]=0x2000'
13:01:38.634910 CDPv2, ttl: 180s, Device-ID 'sw01.klime', length 409
... snip ...
0x0040: 0005 00c5 4369 7363 6f20 494f 5320 536f ....Cisco.IOS.So
0x0050: 6674 7761 7265 2c20 4333 3735 3020 536f ftware,.C3750.So
0x0060: 6674 7761 7265 2028 4333 3735 302d 4144 ftware.(C3750-AD
0x0070: 5649 5053 4552 5649 4345 534b 392d 4d29 VIPSERVICESK9-M)
0x0080: 2c20 5665 7273 696f 6e20 3132 2e32 2834 ,.Version.12.2(4
0x0090: 3429 5345 322c 2052 454c 4541 5345 2053 4)SE2,.RELEASE.S
0x00a0: 4f46 5457 4152 4520 2866 6332 290a 436f OFTWARE.(fc2).Co
0x00b0: 7079 7269 6768 7420 2863 2920 3139 3836 pyright.(c).1986
0x00c0: 2d32 3030 3820 6279 2043 6973 636f 2053 -2008.by.Cisco.S
0x00d0: 7973 7465 6d73 2c20 496e 632e 0a43 6f6d ystems,.Inc..Com
0x00e0: 7069 6c65 6420 5468 7520 3031 2d4d 6179 piled.Thu.01-May
0x00f0: 2d30 3820 3135 3a34 3220 6279 2061 6e74 -08.15:42.by.ant
0x0100: 6f6e 696e 6f00 0600 1663 6973 636f 2057 onino....cisco.W
0x0110: 532d 4333 3735 302d 3234 5000 0200 1100 S-C3750-24P.....
0x0120: 0000 0101 01cc 0004 c0a8 05fc 0003 0016 ................
0x0130: 4661 7374 4574 6865 726e 6574 322f 302f FastEthernet2/0/
0x0140: 3131 0004 0008 0000 0029 0008 0024 0000 11.......)...$..
0x0150: 0c01 1200 0000 00ff ffff ff01 0221 ff00 .............!..
... snip ...
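
The fields read by eye in the hex dump above are CDP type-length-value records, so they can also be extracted programmatically. The following is an added example, not part of the original post: a small Python parser for the text TLVs. The frame it parses is constructed from the strings in the sample output, and the function names are illustrative.

```python
import struct

# CDP TLV type codes for the text fields visible in the dump above
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id",
             0x0005: "software", 0x0006: "platform"}
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC + Cisco OUI + PID 0x2000

def parse_cdp(frame: bytes) -> dict:
    """Return version, TTL and the text TLVs of a raw CDP Ethernet frame."""
    # 14-byte 802.3 header, then 8 bytes of LLC/SNAP; ether[20:2] is the SNAP PID
    if len(frame) < 26 or frame[14:22] != CDP_SNAP:
        raise ValueError("not a CDP frame")
    fields = {"version": frame[22], "ttl": frame[23]}  # frame[24:26] is the checksum
    pos = 26
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        # The length covers the 4-byte TLV header; reject values that
        # would loop forever or run past the end of the capture
        if tlv_len < 4 or pos + tlv_len > len(frame):
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        name = TLV_NAMES.get(tlv_type)
        if name:
            fields[name] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len
    return fields

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV (helper used only to build the sample frame)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def sample_frame() -> bytes:
    """Constructed frame reusing strings from the sample output (not a real capture)."""
    body = bytes([2, 180]) + b"\x00\x00"  # CDPv2, ttl 180s, checksum left as zero
    body += tlv(0x0001, b"sw01.klime")
    body += tlv(0x0005, b"Cisco IOS Software, C3750 Software")
    body += tlv(0x0006, b"cisco WS-C3750-24P")
    body += tlv(0x0003, b"FastEthernet2/0/11")
    dst = bytes.fromhex("01000ccccccc")   # CDP multicast destination
    src = bytes.fromhex("020000000001")   # constructed source MAC
    return dst + src + struct.pack("!H", len(CDP_SNAP) + len(body)) + CDP_SNAP + body

if __name__ == "__main__":
    for key, value in parse_cdp(sample_frame()).items():
        print(f"{key}: {value}")
```
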
FYI, the Solaris version is:
snoop -d <interface> -s 1500 -x0 -c 1 'ether[20:2] = 0x2000'