This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 7 and 8
Revision 7 as of 2005-10-28 16:23:33
Size: 6151
Editor: ylin1
Comment:
Revision 8 as of 2005-10-28 23:25:05
Size: 6221
Editor: UlfLamping
Comment: What does IFAICT means?
Deletions are marked like this. Additions are marked like this.
Line 172: Line 172:

What does IFAICT means? Sounds like a disease :-) - ''UlfLamping''

Cisco Discovery Protocol (CDP)

CDP (Cisco Discovery Protocol) is a Cisco proprietary protocol that runs between direct connected network entities (routers, switches, remote access devices, firewalls, etc.). The purpose of the protocol is to supply a network entity with information about its direct connected neighbors.

History

XXX - add a brief description of CDP history

Protocol dependencies

  • ["LLC"]/["SNAP"]: CDP is encapsulated as LLC/SNAP with an OUI of 0x00000C and a protocol ID of 0x2000.
  • ["Cisco HDLC"]: CDP is encapsulated over Cisco HDLC with a protocol type of 0x2000.
  • ["PPP"]: CDP is encapsulated over PPP with a protocol type of 0x0207.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

$ sudo tethereal -i eth0 -V -f "ether host 01000ccccccc" -c 2
Capturing on eth0
Frame 1 (386 bytes on wire, 386 bytes captured)
    Arrival Time: Oct 27, 2005 17:51:50.282947000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 386 bytes
    Capture Length: 386 bytes
    Protocols in frame: eth:llc:cdp:data
IEEE 802.3 Ethernet
    Destination: CDP/VTP (01:00:0c:cc:cc:cc)
    Source: Cisco_12:34:56 (00:07:85:12:34:56)
    Length: 372
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
    Organization Code: Cisco (0x00000c)
    PID: CDP (0x2000)
Cisco Discovery Protocol
    Version: 2
    TTL: 180 seconds
    Checksum: 0xc2c3
    Device ID: LAN354802
        Type: Device ID (0x0001)
        Length: 13
        Device ID: LAN354802
    Addresses
        Type: Addresses (0x0002)
        Length: 17
        Number of addresses: 1
        IP address: 192.168.2.62
            Protocol type: NLPID
            Protocol length: 1
            Protocol: IP
            Address length: 4
            IP address: 192.168.2.62
    Port ID: FastEthernet0/7
        Type: Port ID (0x0003)
        Length: 19
        Sent through Interface: FastEthernet0/7
    Capabilities
        Type: Capabilities (0x0004)
        Length: 8
        Capabilities: 0x0000000a
            .... .... .... .... .... .... .... ...0 = Not a Router
            .... .... .... .... .... .... .... ..1. = Is  a Transparent Bridge
            .... .... .... .... .... .... .... .0.. = Not a Source Route Bridge
            .... .... .... .... .... .... .... 1... = Is  a Switch
            .... .... .... .... .... .... ...0 .... = Not a Host
            .... .... .... .... .... .... ..0. .... = Not IGMP capable
            .... .... .... .... .... .... .0.. .... = Not a Repeater
    Software Version
        Type: Software version (0x0005)
        Length: 225
        Software Version: Cisco Internetwork Operating System Software
                          IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWARE (fc1)
                          Copyright (c) 1986-2003 by cisco Systems, Inc.
                          Compiled Thu 19-Jun-03 12:37 by antonino
    Platform: cisco WS-C3548-XL
        Type: Platform (0x0006)
        Length: 21
        Platform: cisco WS-C3548-XL
    Protocol Hello: Cluster Management
        Type: Protocol Hello (0x0008)
        Length: 36
        OUI: 0x00000C (Cisco)
        Protocol ID: 0x0112 (Cluster Management)
        Cluster Master IP: 0.0.0.0
        UNKNOWN (IP?): 0xFFFFFFFF (255.255.255.255)
        Version?: 0x01
        Sub Version?: 0x01
        Status?: 0x21
        UNKNOWN: 0xFF
        Cluster Commander MAC: 00:00:00:00:00:00
        Switch's MAC: 00:07:85:12:34:56
        UNKNOWN: 0xFF
        Management VLAN: 100
    VTP Management Domain: mynet
        Type: VTP Management Domain (0x0009)
        Length: 10
        VTP Management Domain: mynet
    Native VLAN: 105
        Type: Native VLAN (0x000a)
        Length: 6
        Native VLAN: 105
    Duplex: Full
        Type: Duplex (0x000b)
        Length: 5
        Duplex: Full

Frame 2 (95 bytes on wire, 95 bytes captured)
    Arrival Time: Oct 27, 2005 17:51:52.924645000
    Time delta from previous packet: 2.641698000 seconds
    Time since reference or first frame: 2.641698000 seconds
    Frame Number: 2
    Packet Length: 95 bytes
    Capture Length: 95 bytes
    Protocols in frame: eth:llc:data
IEEE 802.3 Ethernet
    Destination: CDP/VTP (01:00:0c:cc:cc:cc)
    Source: Cisco_12:34:56 (00:07:85:12:34:56)
    Length: 81
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)  

Ethereal

The CDP dissector is fully functional (IFAICT). Also add info of additional Ethereal features where appropriate, like special statistics of this protocol.

Preference Settings

There are no CDP specific preference settings.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

  • attachment:SampleCaptures/cdp.pcap

Display Filter

A complete list of CDP display filter fields can be found in the [http://www.ethereal.com/docs/dfref/c/cdp.html display filter reference]

  • Show only the CDP based traffic:

     cdp 

Capture Filter

XXX - filter for SNAP OUI/PID pair?

  • Capture only the CDP traffic:

     ether host 01000ccccccc 

Discussion

What does IFAICT means? Sounds like a disease :-) - UlfLamping

CDP (last edited 2013-05-06 19:20:28 by clementc)