I found today a very useful article. It’s worth a try!
tcpdump command will sniff for Cisco switches’ Cisco Discovery Protocol (CDP) packets. It’s useful to add to your regular arsenal of pings and traceroutes if you’re working on a system on a foreign network of which you were given little to no information. Oh, this assumes you have root access of course. Change
eth0 of course to match the network interface(s) you want to examine.
tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'
CDP packets offer some additional insight to the network you’re on:
The information contained in CThis DP announcements varies by the type of device and the version of the operating system running on it. Information contained includes the operating system version, hostname, every address for every protocol configured on the port where CDP frame is sent eg. IP address, the port identifier from which the announcement was sent, device type and model, duplex setting, VTP domain, native VLAN, power draw (for Power over Ethernet devices), and other device specific information.
tcpdump output might look something like (IP address XX’d out):
14:42:57.087609 CDPv2, ttl: 180s, checksum: 692 (unverified), length 358 Device-ID (0x01), length: 11 bytes: 'Public_DMZ' Address (0x02), length: 13 bytes: IPv4 (1) XXX.XXX.XX.X Port-ID (0x03), length: 16 bytes: 'FastEthernet0/21' Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch, IGMP snooping Version String (0x05), length: 220 bytes: Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 24-Nov-02 23:31 by antonino Platform (0x06), length: 21 bytes: 'cisco WS-C2950G-24-EI' Protocol-Hello option (0x08), length: 32 bytes: VTP Management Domain (0x09), length: 0 byte: '' 1 packets captured 2 packets received by filter 0 packets dropped by kernel