So I'm having a strange issue trying to capture CDP packets. I wrote my own lightweight application utilizing wpcap.dll and built a filter and a parser. Everything was working fine until I started testing with other computers. It was then I figured out that my application will NOT capture CDP packets if Wireshark is not running.

It is capturing and parsing packets fine, I can see them scrolling by, but I never get a CDP hit. My switches are set to advertise every 60 seconds, but I can leave my program open for 10 mins and then open Wireshark and get a CDP packet. If I close Wireshark I no longer see the CDP packets.

I'm using the filter 'ether[20:2] == 0x2000' looking for type '0x01E3'

asked 18 Apr, 06:29

tlman12
The destination MAC address of a CDP packet is a multicast address. Therefore, for such a packet to reach the application layer, your network card has to accept it.

This can be achieved by setting the network card to promiscuous mode (which is what Wireshark, or rather the WinPcap driver, does). Another way is to join this multicast address at the OS level.

answered 18 Apr, 06:43

Uli

edited 18 Apr, 06:49

-Facepalm- I've been messing with this for hours wondering why I could only capture with Wireshark running.

Set my program to put the card in promiscuous mode and bam, packet captured. Thank you!

(18 Apr, 07:18) tlman12
If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(18 Apr, 07:49) grahamb ♦
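
Added example, not part of the original thread: a small C model of the answer above, showing that the filter `ether[20:2] == 0x2000` only gets a chance to match once the card delivers the multicast CDP frame, either in promiscuous mode or after joining the group. The frame bytes, the station address and the simplified receive-filter model are constructed assumptions; in a wpcap/libpcap program the corresponding switch is the `promisc` argument of `pcap_open_live`.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample: first 22 bytes of an 802.3 + LLC/SNAP frame carrying CDP. */
static const uint8_t sample_cdp[22] = {
    0x01, 0x00, 0x0c, 0xcc, 0xcc, 0xcc, /* destination: CDP multicast address */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, /* source: constructed switch MAC */
    0x00, 0x40,                         /* 802.3 length (constructed) */
    0xaa, 0xaa, 0x03,                   /* LLC header announcing SNAP */
    0x00, 0x00, 0x0c, 0x20, 0x00        /* SNAP: OUI 00:00:0c, protocol 0x2000 */
};

/* Same test as the capture filter 'ether[20:2] == 0x2000'. */
int matches_cdp_filter(const uint8_t *f, size_t len)
{
    return len >= 22 && (((unsigned)f[20] << 8) | f[21]) == 0x2000;
}

/* Simplified model of a NIC receive filter (an assumption; broadcast handling
 * omitted): a frame reaches the capture driver if the card is promiscuous,
 * addressed directly, or the destination is a joined multicast group. */
int nic_delivers(const uint8_t *f, const uint8_t own[6], int promisc,
                 const uint8_t (*groups)[6], size_t ngroups)
{
    if (promisc || memcmp(f, own, 6) == 0) return 1;
    if (f[0] & 0x01)                    /* group (multicast) bit */
        for (size_t i = 0; i < ngroups; i++)
            if (memcmp(f, groups[i], 6) == 0) return 1;
    return 0;
}

/* The application gets a CDP hit only if the card delivers the frame
 * and the filter then matches it. */
int app_sees_cdp(int promisc, const uint8_t (*groups)[6], size_t ngroups)
{
    static const uint8_t own[6] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
    return nic_delivers(sample_cdp, own, promisc, groups, ngroups)
        && matches_cdp_filter(sample_cdp, sizeof sample_cdp);
}

int main(void)
{
    static const uint8_t cdp_group[1][6] = {{0x01, 0x00, 0x0c, 0xcc, 0xcc, 0xcc}};
    printf("non-promiscuous, no group: %d\n", app_sees_cdp(0, NULL, 0));
    printf("promiscuous:               %d\n", app_sees_cdp(1, NULL, 0));
    printf("group joined:              %d\n", app_sees_cdp(0, cdp_group, 1));
    return 0;
}
```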