This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

Cisco Discovery Protocol (CDP)

CDP (Cisco Discovery Protocol) is a Cisco proprietary protocol that runs between direct connected network entities (routers, switches, remote access devices, firewalls, etc.). The purpose of the protocol is to supply a network entity with information about its direct connected neighbors.

History

XXX - add a brief description of CDP history

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

$ sudo tshark -i eth0 -V -f "ether host 01000ccccccc" -c 2
Capturing on eth0
Frame 1 (386 bytes on wire, 386 bytes captured)
    Arrival Time: Oct 27, 2005 17:51:50.282947000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 386 bytes
    Capture Length: 386 bytes
    Protocols in frame: eth:llc:cdp:data
IEEE 802.3 Ethernet
    Destination: CDP/VTP (01:00:0c:cc:cc:cc)
    Source: Cisco_12:34:56 (00:07:85:12:34:56)
    Length: 372
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
    Organization Code: Cisco (0x00000c)
    PID: CDP (0x2000)
Cisco Discovery Protocol
    Version: 2
    TTL: 180 seconds
    Checksum: 0xc2c3
    Device ID: LAN354802
        Type: Device ID (0x0001)
        Length: 13
        Device ID: LAN354802
    Addresses
        Type: Addresses (0x0002)
        Length: 17
        Number of addresses: 1
        IP address: 192.168.2.62
            Protocol type: NLPID
            Protocol length: 1
            Protocol: IP
            Address length: 4
            IP address: 192.168.2.62
    Port ID: FastEthernet0/7
        Type: Port ID (0x0003)
        Length: 19
        Sent through Interface: FastEthernet0/7
    Capabilities
        Type: Capabilities (0x0004)
        Length: 8
        Capabilities: 0x0000000a
            .... .... .... .... .... .... .... ...0 = Not a Router
            .... .... .... .... .... .... .... ..1. = Is  a Transparent Bridge
            .... .... .... .... .... .... .... .0.. = Not a Source Route Bridge
            .... .... .... .... .... .... .... 1... = Is  a Switch
            .... .... .... .... .... .... ...0 .... = Not a Host
            .... .... .... .... .... .... ..0. .... = Not IGMP capable
            .... .... .... .... .... .... .0.. .... = Not a Repeater
    Software Version
        Type: Software version (0x0005)
        Length: 225
        Software Version: Cisco Internetwork Operating System Software
                          IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWARE (fc1)
                          Copyright (c) 1986-2003 by cisco Systems, Inc.
                          Compiled Thu 19-Jun-03 12:37 by antonino
    Platform: cisco WS-C3548-XL
        Type: Platform (0x0006)
        Length: 21
        Platform: cisco WS-C3548-XL
    Protocol Hello: Cluster Management
        Type: Protocol Hello (0x0008)
        Length: 36
        OUI: 0x00000C (Cisco)
        Protocol ID: 0x0112 (Cluster Management)
        Cluster Master IP: 0.0.0.0
        UNKNOWN (IP?): 0xFFFFFFFF (255.255.255.255)
        Version?: 0x01
        Sub Version?: 0x01
        Status?: 0x21
        UNKNOWN: 0xFF
        Cluster Commander MAC: 00:00:00:00:00:00
        Switch's MAC: 00:07:85:12:34:56
        UNKNOWN: 0xFF
        Management VLAN: 100
    VTP Management Domain: mynet
        Type: VTP Management Domain (0x0009)
        Length: 10
        VTP Management Domain: mynet
    Native VLAN: 105
        Type: Native VLAN (0x000a)
        Length: 6
        Native VLAN: 105
    Duplex: Full
        Type: Duplex (0x000b)
        Length: 5
        Duplex: Full
Frame 2 (95 bytes on wire, 95 bytes captured)
    Arrival Time: Oct 27, 2005 17:51:52.924645000
    Time delta from previous packet: 2.641698000 seconds
    Time since reference or first frame: 2.641698000 seconds
    Frame Number: 2
    Packet Length: 95 bytes
    Capture Length: 95 bytes
    Protocols in frame: eth:llc:data
IEEE 802.3 Ethernet
    Destination: CDP/VTP (01:00:0c:cc:cc:cc)
    Source: Cisco_12:34:56 (00:07:85:12:34:56)
    Length: 81
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)

Wireshark

The CDP dissector is fully functional (as far as I can tell). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol.

Preference Settings

There are no CDP specific preference settings.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of CDP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/c/cdp.html display filter reference]

Capture Filter

XXX - filter for SNAP OUI/PID pair?

Discussion

What does IFAICT means? Sounds like a disease :) - UlfLamping

Typo for AFAICT - As Far As I Can Tell? It should probably be replaced by the full phrase, if so (IMHO :-)), for the benefit of those not familiar with "AFAICT". - Guy Harris