tcpdump filter for capturing only Cisco Discovery Protocol (CDP) Packets
This is old, but I just had the need, and I would like to share.
To capture a single CDP packet, type the following at a command-prompt (need root privileges):
tcpdump -nn -v -i eth0 -s 1500 -c 1 ‘ether[20:2] == 0x2000’
The coolest part of this command is that you can find out what is your port on the switch.
# tcpdump -nn -v -i eth0 -s 1500 -c 1 ‘ether[20:2] == 0x2000’
Device-ID (0x01), length: 25 bytes: <SWITCH_NAME>
Port-ID (0x03), length: 19 bytes: <PORT_NUMBER>