The discovery protocols CDP – Cisco Discovery Protocol, and LLDP – Link Layer Discovery Protocol – are both highly valuable assistance in network configuration and troubleshooting. These protocols are constructed to only be sent on the link between exactly two devices, i.e., they are not forwarded on through the network. Instead, they are designed to provide information of the immediate “neighbors” of devices like switches, routers, and firewalls.
If you have a physical Windows Server, or a wired Windows client, it can at times be useful to detect the physical cable connection point. This can, for example, be helpful when cooperating with the network team.
Normally, a Windows administrator have very limited access to any potential CDP or LLDP information sent from the physical network. However, using the built-in tool PKTMON, we can gain full insight and “discover” our own position in the network.
See this page for the full list of articles of all the features of PKTMON.
If being uncertain if LLDP or CDP is enabled in your network, add a filter for both protocols. (It is also possible that neither are enabled, or is only enabled on specific ports, e.g., to other switches.)
Start with clearing any current filters and add the new:
pktmon filter remove
pktmon filter add "CDP" -m 01-00-0C-CC-CC-CC
pktmon filter add "LLDP" -d LLDP
Verify the applied filters:
pktmon filter list
Acquire the ID number for the Network Interface Card:
pktmon comp list
If we are only looking for the name of the physical switch, we can observe the results directly on the command line:
pktmon start -c -m rt -s 16 --pkt-size 0 --comp <INTERFACE-ID>
Above, basic output from a CDP frame. (Captured in an isolated lab environment.)
Above, basic output from a LLDP frame. (Captured in an isolated lab environment.)
As displayed, we can see some limited amount of information in the real-time mode on the command line. If we wish to acquire further details, such as the specific switch port we are connected to, we must use a slightly different approach with PKTMON.
As before, ensure we have the network id number available (pktmon comp list), as well as having the correct filters applied:
pktmon filter remove
pktmon filter add “CDP” -m 01-00-0C-CC-CC-CC
pktmon filter add “LLDP” -d LLDP
Now start the capture with the following command:
pktmon start -c --pkt-size 0 -f CDP.etl --comp <INTERFACE-ID>
(The file specified with -f could be named anything.)
pktmon counters --live --refresh-rate 1
Wait until the counters are no longer zero. When at least one packet have been received, stop the capture with:
Now, we will convert the captured data into a readable format. The pktmon etl2txt command can convert the ETL file into a text file version.
pktmon etl2txt CDP.etl -o CDP-v1.txt -v 1
First specify the name of file with the file you have already captured, e.g., CDP.etl, and use the -o the name the output text file.
The -v 1 is necessary to increase the verbose-level for the LLDP / CDP data are to be visible.
You will now have a text file in the same working directory. Open this file with Notepad and you should be able to see the detailed LLDP / CDP data:
Text file data for CDP. Note the various detailed information, including the switch name and switch port-ID. (Data from an isolated lab environment.)
Text file data for LLDP. Note the various detailed information, including the switch system name and switch port number. (Data from an isolated lab environment.)
For advanced DNS troubleshooting with PKTMON, please see this article.