CISCO Discovery Protocol (CDP) ByAlexander Alperovich Alexandra Davidov Boris Kostenko

What Is CDP? Cisco Discovery Protocol Runs on all Cisco-manufactured equipment including routers, bridges, access servers, and switches Embedded virtually in every Cisco platform Media and network protocol independent Provides a mechanism for two neighboring devices to learn about each other Detects native VLAN and port duplex mismatches

How it works router1 switch 1switch 2 … networks … LANs Neighbors: - Neighbors: - Neighbors: - Two switches and router don ’ t know about each other – they are not connected

How it works (cont.) router1 switch 1switch 2 … networks … LANs Neighbors: - Neighbors: - Neighbors: - After connection devices report about themselves CDP packet from switch router

How it works (cont.) router1 switch 1switch 2 … networks … LANs Neighbors: router1 Neighbors: router1 Neighbors: switch 1 switch 2 Now router knows about 2 its neighbors and each switch knows about neighbor-router Note, switch2 doesn’t know about switch1 and switch1 about switch2 – they are not neighbors! CISCO devices don’t allow the CDP packets to pass by.

How it works (cont.) CDP runs on all media that support Sub Network Access Protocol (SNAP), including LAN, Frame Relay and Asynchronous Transfer Mode (ATM). CDP runs over the Data Link layer only. Cisco devices never forward CDP packets When new CDP information is received, Cisco devices discard old information.

How it works (cont.) Each device configured for CDP periodically sends messages to a multicast address CCC.CCCC Each device advertises at least one address at which it can receive SNMP messages Each device reads from the LAN CDP messages sent by others in order to learn about neighboring devices and determine when their interfaces to the media go up or down

Each CDP packet contains header type/length/value triplets Version (1 byte) Time-to- live (1 byte) Checksum (2 bytes) Type (2 bytes) Length (2 bytes) Value (variable) HeaderTriplet Version – version of CDP packet (can be 0x01 or 0x02) Time-to-live – the amount of time, in seconds, that a receiver should retain the information contained in this packet Checksum – the standard IP checksum

Each CDP packet contains header type/length/value triplets Version (1 byte) Time-to- live (1 byte) Checksum (2 bytes) Type (2 bytes) Length (2 bytes) Value (variable) HeaderTriplet Type – the type of information of the triplet. Length – the length of current triplet (includes type and length fields) Value – corresponding information

Possible triple types Triples can contain information of some possible types: Device ID Address Port ID Capabilities Version Platform IP Network Prefix VTP Management Domain Native VLAN Full/half Duplex For each type “ type ” and “ value ” fields contain corresponding information

Why do we need CDP? Use of SNMP with the CDP Management Information Base (MIB) allows network management applications to learn the device type and the SNMP agent address of neighboring devices Enables applications to send SNMP queries to neighboring devices Two systems that support different network- layer protocols can learn about each other (protocol works over layer-2)

Application features and abilities

Main application abilities Connect and disconnect LAN in DLC level Run CDP protocol: Sending CDP packets containing the data of the computer that runs the application Receiving CDP packets and presenting discovered neighbor devices on screen Simulate running CDP of different devices. Dump the current neighbor devices status to the disc

More features Creating new simulation devices: New devices for simulation can be created and activated immediately at runtime Created simulation devices can be saved to disc in XML format, for future use and edit Change settings at runtime: TTL of sent packets and time interval between packets can be changed any time during runtime

CDP Application description and the User interface

CDP Application Main Dialog Window

Working modes The application has three working modes: Transmission mode: CDP packets are sent and read from the LAN Frozen mode: no CDP packets sent, no packets read Read only mode: CDP packets read, no packets are sent

Simulation devices Devices for simulation are saved in XML format and read by the application directly from the disk Simulated device can be changed anytime using “ choose simulated device ” option

Creating new simulation device New devices for the simulation can be created any time using the “ Creating new device ” dialog The dialog is a form of CDP packet properties which represent the desirable device After the obligatory fields are filled (those are the fields marked by *), created device can be saved as XML and immediately loaded for simulation  Important: “ Device name ” at the form is the name that will be presented to the screen, NOT sent in CDP packet, while “ Device ID ” is the ID sent in CDP packet  “ Device name ” is also the default of the created XML file

Creating new device dialog

Settings Following sending settings can be changed directly using settings dialog: Sending interval: time interval CDP packets are sent with TTL of sent packets: value of TTL field in sent CDP packets

Representation of neighboring devices Neighboring devices (devices from which CDP packets were received) are represented in a form of a tree Represented devices are divided to two groups: Active devices – a CDP packet was received from the device and TTL time hasn ’ t passed yet Time out devices – TTL time has passed since last CDP packet was received from the device, but no “ expiring packet ” (packet with TTL=0) was received from the device Expired devices are not represented at the application dialog, but still appear at the status file, as explained bellow User can choose whether the local device will be shown (this option is relevant only in transmission mode)

Example: There are three active devices Properties of “ ” device are open to view There are no devices in TimeOut ReadOnly mode is chosen

Another example: “ 20cmFrying ” device is Active “ ” is in TimeOut User had chosen not to see local devices Transmission mode is chosen Chosen device is “ this computer ”

Saving status Current status can be saved any time as a text file, using “ Save status button ”, saved status includes: Active devices: a CDP packet was received from the device and TTL time hasn ’ t passed yet Time out devices: TTL time has passed since last CDP packet was received from the device, but no “ expiring packet ” (packet with TTL=0) was received from the device Expired devices: devices that sent a packet with TTL=0

The end