This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

cdp packets missing

0

Hello;

I am using Dell Latitude E6400, and my Wireshark version is version 1.6.7. When I try to capture through my interface, CDP packets are missing. It shows other multicast packets like HSRP, OSPF. What may be the reason and how to solve it?

I am using Symantec End Point.

asked 04 Jun '12, 21:47

afsal
accept rate: 0%

edited 16 Jun '12, 19:55

cmaynard ♦♦


One Answer:

2

To know something is missing, you need to know that it was there to begin with. So let's start by verifying that CDP is indeed enabled on the port you are connected to. Could you run the command "sh cdp int <interface-to-your-dell>"? It should give you details like this:

c2950#sh cdp int fa0/1
FastEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
c2950#

Then capture long enough to see the actual packets. In my case I need to capture more than 60 seconds. You can use the capture filter "ether host 01:00:0c:cc:cc:cc" to capture only CDP packets.

If the packets are still missing in the capture, then maybe some software on your laptop is blocking those packets from getting to WinPcap/Wireshark. You may want to check with a Linux live-CD and tcpdump to see if the packets indeed arrive on your port.

answered 04 Jun '12, 23:39

SYN-bit ♦♦
accept rate: 20%
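
Added example, not part of the original answer: the address in the capture filter above, 01:00:0c:cc:cc:cc, is also the destination of other Cisco Layer 2 protocols (VTP, DTP, PAgP, UDLD), so a frame matching the filter is not necessarily CDP. The sketch below tells them apart by SNAP protocol ID and reads the holdtime, device ID and port ID from a CDP frame; `classify`, `build`, `tlv` and both sample frames are constructed for illustration, and the CDP checksum is not validated.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")     # multicast MAC from the capture filter
SNAP_CISCO = bytes.fromhex("aaaa0300000c")  # LLC SNAP header (AA AA 03) + Cisco OUI
PID_NAMES = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP", 0x0111: "UDLD"}
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id"}

def classify(frame: bytes):
    """Return (protocol, fields) for a raw Ethernet frame, or None if it is not
    an 802.3/SNAP frame sent to the Cisco multicast address."""
    if len(frame) < 22 or frame[0:6] != CDP_DST:
        return None
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or frame[14:20] != SNAP_CISCO:
        return None  # Ethernet II framing or a non-Cisco SNAP header
    pid = struct.unpack("!H", frame[20:22])[0]
    proto = PID_NAMES.get(pid, f"unknown(0x{pid:04x})")
    if pid != 0x2000:
        return proto, {}
    payload = frame[22:14 + length]  # the 802.3 length field excludes trailing padding
    if len(payload) < 4:
        return proto, {"error": "truncated"}
    fields = {"version": payload[0], "holdtime": payload[1]}
    off = 4  # skip version, TTL (holdtime) and checksum
    while off + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack("!HH", payload[off:off + 4])
        if tlv_len < 4 or off + tlv_len > len(payload):
            fields["error"] = "malformed TLV"  # length must cover its own 4-byte header
            break
        name = TLV_NAMES.get(tlv_type)
        if name:
            fields[name] = payload[off + 4:off + tlv_len].decode("ascii", "replace")
        off += tlv_len
    return proto, fields

def build(pid, body):
    """Constructed test frame: 802.3 header + SNAP + body, made-up source MAC."""
    llc = SNAP_CISCO + struct.pack("!H", pid) + body
    return CDP_DST + bytes.fromhex("001122334455") + struct.pack("!H", len(llc)) + llc

def tlv(t, v):
    return struct.pack("!HH", t, len(v) + 4) + v

# Constructed samples: values mirror the "sh cdp int" output shown in the answer.
CDP_FRAME = build(0x2000, bytes([2, 180, 0, 0]) + tlv(1, b"c2950") + tlv(3, b"FastEthernet0/1"))
DTP_FRAME = build(0x2004, b"\x01")
```
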