This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why can’t I capture CDP Packets with my app?

0

So I'm having a strange issue trying to capture CDP packets. I wrote my own lightweight application utilizing wpcap.dll and built a filter and a parser. Everything was working fine until I started testing with other computers. It was then I figured out that my application will NOT capture CDP packets if Wireshark is not running.

It is capturing and parsing packets fine; I can see them scrolling by, but I never get a CDP hit. My switches are set to advertise every 60 seconds, but I can leave my program open for 10 mins and then open Wireshark and get a CDP packet. If I close Wireshark I no longer see the CDP packets.

I'm using the filter 'ether[20:2] == 0x2000' looking for type '0x01E3'

asked 18 Apr '17, 06:29


tlman12
6113
accept rate: 0%


One Answer:

0

The destination MAC address of a CDP packet is a multicast address. Therefore, to be able to get such a packet to the application layer, your network card has to accept it.

This can be achieved by setting the network card to promiscuous mode (which is what Wireshark, or rather the WinPcap driver, does). Another way is to join this multicast address at the OS level.

answered 18 Apr '17, 06:43


Uli
9031515
accept rate: 29%

edited 18 Apr '17, 06:49

-Facepalm- I've been messing with this for hours wondering why I could only capture with Wireshark running.

Set my program to put the card in promiscuous mode and bam, packet captured. Thank you!

(18 Apr '17, 07:18) tlman12
1

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(18 Apr '17, 07:49) grahamb ♦
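
The behaviour explained in the answer, as an added example that is not part of the original thread: a simplified C model of a NIC receive filter, combined with the same byte test as the `ether[20:2] == 0x2000` filter. The `struct nic` model, the function names and the sample frame are constructed for illustration; in a real WinPcap/libpcap program the equivalent switch is the `promisc` argument of `pcap_open_live()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a NIC receive filter (assumption, for illustration). */
struct nic {
    uint8_t mac[6];       /* station address */
    bool promiscuous;     /* accept every frame seen on the wire */
    uint8_t mcast[4][6];  /* multicast addresses joined at the OS level */
    size_t n_mcast;
};

/* Would the NIC pass this frame up to the capture driver? */
bool nic_accepts(const struct nic *n, const uint8_t *f, size_t len) {
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (len < 14) return false;
    if (n->promiscuous) return true;
    if (!memcmp(f, n->mac, 6) || !memcmp(f, bcast, 6)) return true;
    for (size_t i = 0; (f[0] & 1) && i < n->n_mcast; i++)  /* group bit */
        if (!memcmp(f, n->mcast[i], 6)) return true;
    return false;
}

/* Same test as the capture filter ether[20:2] == 0x2000, bounds-checked. */
bool is_cdp(const uint8_t *f, size_t len) {
    return len >= 22 && f[20] == 0x20 && f[21] == 0x00;
}

/* Constructed sample: start of a CDP frame (802.3 + LLC/SNAP). */
const uint8_t sample_cdp[] = {
    0x01, 0x00, 0x0c, 0xcc, 0xcc, 0xcc,  /* dst: CDP multicast address */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,  /* src: constructed switch MAC */
    0x00, 0x0a,                          /* 802.3 length */
    0xaa, 0xaa, 0x03, 0x00, 0x00, 0x0c,  /* LLC/SNAP header, Cisco OUI */
    0x20, 0x00, 0x02, 0xb4  /* SNAP PID 0x2000 (CDP); version 2, TTL 180 */
};

/* The application only sees CDP if the NIC accepts the frame first. */
bool app_sees_cdp(const struct nic *n) {
    return nic_accepts(n, sample_cdp, sizeof sample_cdp) &&
           is_cdp(sample_cdp, sizeof sample_cdp);
}

int main(void) {
    struct nic n = {.mac = {0x02, 0, 0, 0, 0, 0x01}};
    printf("default: %d\n", app_sees_cdp(&n));
    n.promiscuous = true;
    printf("promiscuous: %d\n", app_sees_cdp(&n));
}
```

The capture filter only runs on frames the NIC has already accepted, so a correct filter on a non-promiscuous, non-joined interface still yields no CDP hits.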