Linux: Using Tcpdump to Capture LLDP Info


According to Wikipedia, “Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet”

LLDP is often what you will find running on non-Cisco switches and routers (which usually run CDP). If you want to use tcpdump to capture northbound switch port information, you can use the example below as a guide.


# tcpdump -nn -v -i p4p2 ether proto 0x88cc
tcpdump: WARNING: p4p2: no IPv4 address assigned
tcpdump: listening on p4p2, link-type EN10MB (Ethernet), capture size 65535 bytes
19:00:12.559556 LLDP, length 218
Chassis ID TLV (1), length 7
Subtype MAC address (4): f4:8e:38:28:b6:89
Port ID TLV (2), length 11
Subtype Interface Name (5): ethernet11
Time to Live TLV (3), length 2: TTL 120s
Port Description TLV (4), length 39: BCF Port ethernet11
System Name TLV (5), length 22: Switch01




Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.