How can we use Wireshark to save time in physical layer management - a 5 Minute Solution
In this quick tip we will show how to use the Cisco Discovery Protocol or the Link Layer Discovery Protocol to determine what switch, port, and VLAN we are connected to on the network. From time to time when we are troubleshooting a problem we need to know what port corresponds to the wall jack we are snapped into. In many cases, switch connectivity to the desktop is either poorly documented or out of date. Using these protocols, we can see where we are connected within a few seconds.
This tip will only work on networks where CDP or LLDP are enabled. Many switches come with this feature enabled, but in some environments these protocols are disabled.
- First, connect a laptop with Wireshark installed to the wall or office jack you wish to document.
- Fire up the analyzer and capture either 60 seconds of traffic, or until you see the CDP or LLDP packet roll by on the screen. By default, CDP is transmitted every 60 seconds. Type CDP in the display filter bar and apply.
- In the summary view, we can quickly see what switch and port we are connected to. If this is not enough information, we can look further into the CDP details by expanding this field.
Here we can see the switch, port, duplex, VLAN, switch IP, and platform of the device we are connected to. If an LLDP packet is caught (typically on non-Cisco switches) similar information will be displayed.
Using this packet we can quickly determine where we are plugged into the network, saving us time in updating documentation and troubleshooting end user connectivity problems.