computers / comp.os.vms / Capturing CDP Information from switches

Capturing CDP Information from switches

 by: Shael Richmond - Tue, 24 Oct 2023 22:39 UTC

I am trying to capture CDP packets from our Cisco switches to gather documentation. I have tried using tcpdump with the commands we use on Oracle Linux or Solaris, but neither works. VSI support wasn't any help - and wasn't sure tcpdump could find a CDP packet.

Linux
tcpdump -qv -s 1500 -c 1 'ether[20:2] == 0x2000'

Solaris
tcpdump -nv -s 1500 -c 1 ether dst 01:00:0c:cc:cc:cc

tcpdump -v -s 1500 -c 1000 -b 4000 ether[20:2] = 0x2000
tcpdump: Filtering in user process
tcpdump: listening on IE1, link-type EN10MB (Ethernet), capture size 1500 bytes
Cancel

0 packets captured
0 packets received by filter
0 packets dropped by kernel

Has anybody done this before or have any hints?

Shael Richmond
International Paper

tcpdump -nve -c1000 ether host 01:00:0c:cc:cc:cc
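
The two filters in the post above select different things: the MAC 01:00:0c:cc:cc:cc is shared by several Cisco layer-2 protocols, while `ether[20:2] == 0x2000` tests the SNAP protocol ID that identifies CDP. As an added example (not part of the original post), this parser applies both checks to a raw 802.3 frame and extracts the fields useful for documentation; the sample frame, switch name and port are constructed, and the CDP checksum is not verified.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")     # Cisco multicast, also used by VTP/DTP/PAgP/UDLD
SNAP_CISCO = bytes.fromhex("aaaa0300000c")  # LLC AA-AA-03 + OUI 00-00-0C at frame bytes 14..19
CDP_PID = 0x2000                            # SNAP protocol ID at bytes 20..21
TLV_TEXT = {0x0001: "device_id", 0x0003: "port_id", 0x0005: "software", 0x0006: "platform"}
TLV_NATIVE_VLAN = 0x000A

def parse_cdp(frame: bytes):
    """Return a dict of CDP fields, or None when the frame is not CDP."""
    if len(frame) < 26 or frame[0:6] != CDP_MAC:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500:                        # an EtherType, not an 802.3 length field
        return None
    if frame[14:20] != SNAP_CISCO or struct.unpack("!H", frame[20:22])[0] != CDP_PID:
        return None                          # same test as ether[20:2] == 0x2000
    version, ttl, _checksum = struct.unpack("!BBH", frame[22:26])
    info = {"version": version, "ttl": ttl}
    end = min(len(frame), 14 + length)       # ignore Ethernet padding after the payload
    off = 26
    while off + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[off:off + 4])
        if tlv_len < 4 or off + tlv_len > end:   # malformed, or cut short by the snap length
            info["truncated"] = True
            break
        value = frame[off + 4:off + tlv_len]
        if tlv_type in TLV_TEXT:
            info[TLV_TEXT[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == TLV_NATIVE_VLAN and len(value) == 2:
            info["native_vlan"] = struct.unpack("!H", value)[0]
        off += tlv_len
    return info

def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample(pid: int = CDP_PID) -> bytes:
    """Constructed frame for the demo (made-up switch name and port, zero checksum)."""
    cdp = (struct.pack("!BBH", 2, 180, 0) + _tlv(0x0001, b"sw-lab-01")
           + _tlv(0x0003, b"GigabitEthernet1/0/7") + _tlv(TLV_NATIVE_VLAN, struct.pack("!H", 42)))
    body = SNAP_CISCO + struct.pack("!H", pid) + cdp
    return CDP_MAC + bytes.fromhex("020000000001") + struct.pack("!H", len(body)) + body

if __name__ == "__main__":
    print(parse_cdp(build_sample()))
```

A frame sent to the same multicast MAC with a different protocol ID (for example 0x2004) returns None, which is why the MAC-only filter can match frames that are not CDP.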

Re: Capturing CDP Information from switches

 by: Steven Schweda - Tue, 24 Oct 2023 23:26 UTC

> tcpdump: listening on IE1, [...]

Is that interface on the same LAN segment as the CDP packets?

I know nothing, but:

https://learningnetwork.cisco.com/s/article/cisco-discovery-protocol-cdp-x

o CDP only works on directly connected interfaces.

o CDP runs over the data link layer only. Therefore, two systems
that support different network-layer protocols can learn about
each other.

Re: Capturing CDP Information from switches

 by: Shael Richmond - Tue, 24 Oct 2023 23:30 UTC

On Tuesday, October 24, 2023 at 6:26:04 PM UTC-5, Steven Schweda wrote:
> > tcpdump: listening on IE1, [...]
>
> Is that interface on the same LAN segment as the CDP packets?
>
>
Well there is no interface switch for tcpdump like there is on Linux.
eia0 is unused
eib0 is primary to the switch
eic0 is backup to the switch

Shael

Re: Capturing CDP Information from switches

 by: Steven Schweda - Wed, 25 Oct 2023 04:35 UTC

> Well there is no interface switch for tcpdump like there is on Linux.

Does that answer the question?

So your VMS "tcpdump" is SYS$SYSTEM:TCPIP$TCPDUMP.EXE?

> eib0 is primary to the switch

I'd expect that to be IE1 (with EIA0 = IE0, EIC0 = IE2, and so on),
so it might not matter.

One problem with open-source-based programs supplied by the OS vendor
is that you don't always get the source, which can make troubleshooting
hard(er).

Re: Capturing CDP Information from switches

 by: Stephen Hoffman - Wed, 25 Oct 2023 14:12 UTC

On 2023-10-24 22:39:00 +0000, Shael Richmond said:

> I am trying to capture CDP packets from our Cisco switches to gather
> documentation. I have tried using tcpdump using command we use on
> Oracle Linux or Solaris, but neither work. VSI support wasn't any
> help - and wasn't sure tcpdump could find a CDP packet.
>
> Linux
> tcpdump -qv -s 1500 -c 1 'ether[20:2] == 0x2000'
> ...
> Has anybody done this before or have any hints?

Given the likely platform differences in the network stacks, I suspect
you already have your answer; this is below IP.

For this case, I'd expect to either set that MAC address on the NIC, or
set the NIC into promiscuous mode, and then wait for traffic via $qio
or $io_perform to the NIC.

There are some old open-source "lavc" monitoring tools for cluster
traffic from antiquity, and similarly-antediluvian stuff that looks for
the equally ancient MOP SYSID messages, and build off or pattern off
that example code.

Though you could check whether tcpdump port to OpenVMS can even set MAC
addresses or promiscuous mode, and work from there.

Easiest would be to capture this traffic using a platform with a
tcpdump port that supports this, of course.

That could be OpenVMS, but whether whatever driver layer or tun/tap
layer this tcpdump port is tied into doesn't seem to offer what you
want.

Might swing back and look at this later, but for the current scheduling.

--
Pure Personal Opinion | HoffmanLabs LLC

Re: Capturing CDP Information from switches

 by: Shael Richmond - Wed, 25 Oct 2023 16:33 UTC

On Wednesday, October 25, 2023 at 9:12:18 AM UTC-5, Stephen Hoffman wrote:
> On 2023-10-24 22:39:00 +0000, Shael Richmond said:
>

> Given the likely platform differences in the network stacks, I suspect
> you already have your answer; this is below IP.
>
> For this case, I'd expect to either set that MAC address on the NIC, or
> set the NIC into promiscuous mode, and then wait for traffic via $qio
> or $io_perform to the NIC.
>
> There are some old open-source "lavc" monitoring tools for cluster
> traffic from antiquity, and similarly-antediluvian stuff that looks for
> the equally ancient MOP SYSID messages, and build off or pattern off
> that example code.
>
> Though you could check whether tcpdump port to OpenVMS can even set MAC
> addresses or promiscuous mode, and work from there.
>
> Easiest would be to capture this traffic using a platform with a
> tcpdump port that supports this, of course.
>
> That could be OpenVMS, but whether whatever driver layer or tun/tap
> layer this tcpdump port is tied into doesn't seem to offer what you
> want.
>
Yeah I think I am out of luck. I used ifconfig to turn on promiscuous mode but that didn't help either. Then I found -
1.2.5.4. Restrictions
The following restrictions apply to using tcpdump on OpenVMS:
Copy-all mode is on by default on OpenVMS.
Promiscuous mode is not available, so tracing must be issued on either the source or destination host.
Only Ethernet native tracing on is supported on OpenVMS.

Shael Richmond
