# Tuesday, September 30, 2008
Using CDP to find what Switch Port you are plugged into

Cisco Discovery Protocol or CDP is a proprietary protocol developed by Cisco that allows Cisco devices to share information with other directly connected Cisco equipment [More Info]. The CDP protocol has some really useful information in it such as the IP of the device, the port you're attached to and even VLAN information. This is really helpful when you want to find out which switch port you are connected to without leaving your desk.

Firstly go to WinPcap site and download WinPcap and WinDump. After installing WinPcap I placed windump.exe in C:\Tools with the rest of my toolkit.

The procedure to find your switch port is:
Run windump.exe -D

C:\Tools>windump -D
1.\Device\NPF_{DAA1C207-9CDF-4FB9-92B6-162E447B55EF} (MS Tunnel Interface Driver)
2.\Device\NPF_{D47A6165-BF3D-47FE-B3AD-59A97CDE2A60} (Microsoft)
3.\Device\NPF_{AD370DA2-E8A2-47EA-9AA5-10B152DED150} (Intel(R) 82566MM Gigabit Network Connection)

Remembering the interface number run windump -nn -v -i 3 -s 1500 -c 1 ether[20:2] == 0x2000"
** -i 3 is your interface number, so to listen on the first interface use -i 1.

15:50:45.039275 CDPv2, ttl: 180s, checksum: 692 (unverified), length 384
        Device-ID (0x01), length: 27 bytes: '16-C4506.domain.com.'
        Version String (0x05), length: 251 bytes:
          Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA8, RELEASE SOFTWARE (fc1)
          Technical Support: http://www.cisco.com/techsupport
          Copyright (c) 1986-2007 by Cisco Systems, Inc.
          Compiled Wed 24-Jan-07 14:38 by pwade
        Platform (0x06), length: 14 bytes: 'cisco WS-C4506'
        Address (0x02), length: 13 bytes: IPv4 (1) 172.16.3.100
        Port-ID (0x03), length: 19 bytes: 'GigabitEthernet5/32'
        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
        VTP Management Domain (0x09), length: 3 bytes: 'bdo'
        Native VLAN ID (0x0a), length: 2 bytes: 1
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
1 packets captured
602 packets received by filter
0 packets dropped by kernel

And there you have it! You can see Port-ID and Native VLAN ID are your Port and VLAN information.

Networking
posted on Tuesday, September 30, 2008 3:56:05 PM (E. Australia Standard Time, UTC+10:00)  #    Comments [0]
# Monday, July 30, 2007
Using Powershell to find information from Cisco switches

Today I found myself clicking through a large number of text files containing information from Cisco switches. The text files contained a show run, show ver, show cdp neighbours and show interface status.

The customer wanted to know which interfaces had been hard-coded for speed or duplex and which interfaces had auto-negotiated to half duplex. After doing the first two by hand I realized Powershell could accomplish this quite quickly.

Get-ChildItem -Recurse -Filter "show-run.txt" | Select-String "speed","duplex"

And the results:
172.16.3.101\show-run.txt:50: duplex half
172.16.3.101\show-run.txt:51: speed 100
172.16.3.103\show-run.txt:35: speed 10
172.16.3.103\show-run.txt:45: duplex half
172.16.3.103\show-run.txt:46: speed 10
172.16.3.103\show-run.txt:98: duplex full
172.16.3.103\show-run.txt:99: speed 100
172.16.3.166\show-run.txt:41: duplex half
172.16.3.166\show-run.txt:42: speed 100

To find the interfaces that have negotiated at half duplex:
Get-ChildItem -Recurse -Filter "show-int.txt" | Select-String "half"

The Results:
172.16.3.101\show-int.txt:10:Fa0/6                      notconnect   1          Half     100 100BaseTX/FX
172.16.3.101\show-int.txt:21:Fa0/17                     connected    1        A-Half    A-10 100BaseTX/FX
172.16.3.101\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.102\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.103\show-int.txt:6:Fa0/4                      connected    1          Half      10 100BaseTX/FX
172.16.3.106\show-int.txt:5:Fa0/1                      connected    1        A-Half   A-100 100BaseTX/FX
172.16.3.107\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.121\show-int.txt:32:Gi1/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.123\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.164\show-int.txt:33:Gi0/2                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.166\show-int.txt:5:Fa0/1                      notconnect   1          Half     100 100BaseTX/FX
172.16.3.166\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.169\show-int.txt:33:Gi0/2                      connected    1        A-Half    1000 CX_GIGASTACK
176.16.3.122\show-int.txt:31:Fa0/24                     connected    1        A-Half   A-100 100BaseTX/FX
...
Just saved myself half an hour of clicking through txt files!

PowerShell | Networking
posted on Monday, July 30, 2007 1:31:30 PM (E. Australia Standard Time, UTC+10:00)  #    Comments [0]

Page rendered at Saturday, October 11, 2008 8:25:45 AM (E. Australia Standard Time, UTC+10:00)