
CDP Discovery Using Microsoft’s PKTMON

In previous articles, I have covered some of what I consider troubleshooting best practices and got back some helpful feedback.

One person asked me, “Is there a way to figure out what port I am connected to without using Wireshark?” Wow! What a great question. Challenge accepted.

In summary, here's what I did: I used the Windows Packet Monitor (pktmon) command to capture only packets addressed to Cisco’s multicast MAC address, converted the trace to a text file, then used Microsoft’s find command to get the info I needed.

In this video, I review a little of the Microsoft Prompt usage and then get into pktmon commands. When using pktmon, it is critical to confirm that you don't have any filters already loaded. I have found that pktmon remembers your filters, even after you reboot your computer. The other important thing to verify is the numeric value that points to the network card you wish to capture from; pktmon list shows it, and it is the value passed to --comp in the commands below.

Here is a list of the commands I used in the video for your reference.

prompt $G$T$G

pktmon filter add -m 01:00:0c:cc:cc:cc

pktmon list

pktmon start -c --comp 250 --pkt-size 500 -f cdp.etl

pktmon counters

pktmon stop

pktmon etl2pcap cdp.etl -o cdp.pcapng

pktmon etl2txt cdp.etl -o cdp.txt -v 2

find "Port-ID" cdp.txt

find "Device-ID" cdp.txt

find "Platform" cdp.txt

find "Duplex" cdp.txt
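
The four find searches above pull individual fields out of the decoded text. As an added example (not from the article or the video), the Python below goes one step further and decodes the same four fields straight from the bytes of one captured CDP frame, such as a frame saved in cdp.pcapng, rejecting TLV lengths that do not fit the frame. The sample frame, including its device and port names, is constructed for the demo, and the CDP checksum is not verified.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")       # multicast address used in the pktmon filter
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP header: Cisco OUI, protocol ID 0x2000
FIELDS = {0x0001: "Device-ID", 0x0003: "Port-ID", 0x0006: "Platform", 0x000B: "Duplex"}

def parse_cdp(frame: bytes) -> dict:
    """Return the four fields the article searches for, from one raw Ethernet frame."""
    if len(frame) < 26 or frame[:6] != CDP_MAC or frame[14:22] != SNAP_CDP:
        raise ValueError("not a CDP frame")
    # The 802.3 length field bounds the payload; ignore any trailing padding.
    end = min(len(frame), 14 + struct.unpack("!H", frame[12:14])[0])
    out, pos = {}, 26   # 14 Ethernet + 8 LLC/SNAP + 4 CDP header (version, TTL, checksum)
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        # The length counts the 4-byte TLV header. Reject values that would loop
        # forever (< 4) or read past the frame: the sender is untrusted.
        if tlv_len < 4 or pos + tlv_len > end:
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        value = frame[pos + 4:pos + tlv_len]
        name = FIELDS.get(tlv_type)
        if name == "Duplex":
            out[name] = "full" if value == b"\x01" else "half"
        elif name:
            out[name] = value.decode("ascii", errors="replace")
        pos += tlv_len
    return out

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one CDP TLV (type, length including header, value)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample() -> bytes:
    """Constructed frame for the demo; names are made up, checksum left as zero."""
    cdp = (bytes([2, 180, 0, 0]) + tlv(1, b"lab-sw01")
           + tlv(3, b"GigabitEthernet1/0/12")
           + tlv(6, b"cisco WS-C2960X") + tlv(0x0B, b"\x01"))
    payload = SNAP_CDP + cdp
    src = bytes.fromhex("020000000001")   # constructed source MAC
    return CDP_MAC + src + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    for key, val in parse_cdp(build_sample()).items():
        print(f"{key}: {val}")
```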
