Get Cisco network information

tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'
This gives you lots of nifty Cisco network information like VLAN tag, port and switch information.
Sample Output
14:42:57.087609 CDPv2, ttl: 180s, checksum: 692 (unverified), length 358
      Device-ID (0x01), length: 11 bytes: 'Public_DMZ'
      Address (0x02), length: 13 bytes: IPv4 (1) XXX.XXX.XX.X
      Port-ID (0x03), length: 16 bytes: 'FastEthernet0/21'
      Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch,
IGMP snooping
      Version String (0x05), length: 220 bytes:
        Cisco Internetwork Operating System Software
        IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1,
        Copyright (c) 1986-2002 by cisco Systems, Inc.
        Compiled Sun 24-Nov-02 23:31 by antonino
      Platform (0x06), length: 21 bytes: 'cisco WS-C2950G-24-EI'
      Protocol-Hello option (0x08), length: 32 bytes:
      VTP Management Domain (0x09), length: 0 byte: ''
1 packets captured
2 packets received by filter
0 packets dropped by kernel

By: spif
2009-02-20 18:02:27

What Others Think

adminzim · 648 weeks and 3 days ago
very cool.
grokskookum · 613 weeks and 5 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: