- Download TCPDUMP.EXE.
- Identify the interface to scan:
    o netsh interface ip show interface "Local Area Connection" | findstr /i "index"
- Before running the executable, I found I had to disable antivirus first because some can block this program from running.
- Run the command (change the "-i" value to the appropriate interface number):
    o tcpdump -nn -v -i # -s 1500 -c 1 ether[20:2] == 0x2000
- The results may be similar to the following:
    tcpdump: listening on \Device\{GUID Displayed of Interface}
    12:27:13.751768 CDPv2, ttl: 180s, checksum: 692 (unverified), length 284
        Device-ID (0x01), length: 20 bytes: 'DEVICEID(CISCO SWITCH/CORE NAME)'
        Address (0x02), length: 13 bytes: IPv4 (1) CORE IP ADDRESS
        Port-ID (0x03), length: 4 bytes: 'BLADE/PORT#'
        Capability (0x04), length: 4 bytes: (0x0000000a): Transparent Bridge, L2 Switch
        Version String (0x05), length: 96 bytes:
          WS-C6506 Software, Version McpSW: 7.6(9) NmpSW: 7.6(9)
          Copyright (c) 1995-2004 by Cisco Systems
        Platform (0x06), length: 8 bytes: 'WS-C6506'
        VTP Management Domain (0x09), length: 9 bytes: 'DOMAINNAME'
        Native VLAN ID (0x0a), length: 2 bytes: 213
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        System Name (0x14), length: 7 bytes: 'CISCO SWITCH/CORE NAME'
        System Object ID (not decoded) (0x15), length: 10 bytes:
          0x0000: 0608 2b06 0104 0109 052d
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) CORE IP ADDRESS
        Physical Location (0x17), length: 31 bytes: 0x00/TEXT NAME OF LOCATION
    1 packets captured
    117 packets received by filter
    0 packets dropped by kernel
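
The filter ether[20:2] == 0x2000 tests the two bytes at offset 20 of the frame, which hold the SNAP protocol ID that marks CDP, and the fields tcpdump prints are type-length-value records that follow the 4-byte CDP header. The Python below is an added example, not part of the original post: it decodes a constructed sample frame to show which switch details a port advertises. The function names are hypothetical and every value in the sample frame is a placeholder.

```python
import struct

# TLV type codes as labelled in the tcpdump output above
TLV_NAMES = {0x01: "Device-ID", 0x03: "Port-ID", 0x05: "Version String",
             0x06: "Platform", 0x09: "VTP Management Domain",
             0x0a: "Native VLAN ID", 0x0b: "Duplex"}
TEXT_TLVS = {0x01, 0x03, 0x05, 0x06, 0x09}

def tlv(tlv_type, value):
    """Build one TLV: 2-byte type, 2-byte length (counts the 4-byte header), value."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample_frame():
    """Constructed sample frame; every name and value here is a placeholder."""
    cdp = bytes([2, 180]) + b"\x00\x00"  # version 2, ttl 180s, checksum left as zero
    cdp += tlv(0x01, b"SWITCH-EXAMPLE") + tlv(0x03, b"3/14") + tlv(0x06, b"WS-C6506")
    cdp += tlv(0x0a, struct.pack("!H", 213)) + tlv(0x0b, b"\x01")
    payload = bytes.fromhex("aaaa03" "00000c" "2000") + cdp  # LLC, Cisco OUI, PID 0x2000
    # CDP multicast destination, constructed source MAC, 802.3 length field
    header = bytes.fromhex("01000ccccccc" "020000000001") + struct.pack("!H", len(payload))
    return header + payload

def parse_cdp(frame):
    """Return the decoded CDP fields as a dict, or None if the frame is not CDP."""
    if len(frame) < 26 or frame[20:22] != b"\x20\x00":  # same test as ether[20:2] == 0x2000
        return None
    fields = {"version": frame[22], "ttl": frame[23]}
    off = 26  # 14 bytes Ethernet + 8 bytes LLC/SNAP + 4 bytes CDP header
    while off + 4 <= len(frame):
        tlv_type, length = struct.unpack_from("!HH", frame, off)
        if length < 4 or off + length > len(frame):
            break  # malformed or truncated TLV: stop instead of reading past the frame
        value = frame[off + 4:off + length]
        name = TLV_NAMES.get(tlv_type, "0x%02x" % tlv_type)
        if tlv_type in TEXT_TLVS:
            fields[name] = value.decode("ascii", "replace")
        elif tlv_type == 0x0a and len(value) == 2:
            fields[name] = struct.unpack("!H", value)[0]
        elif tlv_type == 0x0b and len(value) == 1:
            fields[name] = "full" if value[0] else "half"
        else:
            fields[name] = value.hex()  # structured or unknown TLV: keep raw bytes
        off += length
    return fields

if __name__ == "__main__":
    for key, val in parse_cdp(build_sample_frame()).items():
        print(f"{key}: {val}")
```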