Find Out Which Switch Port Connected to Server Using tcpdump

In Corporate Environments, Some times, you need to find out which Network switch and switch port are connected to which NIC of the server. In these scenarios, you can use "tcpdump" command in your Linux/UNIX shell to find out network switch and switch port which is connected to a NIC.


Note: The server should have tcpdump installed to use this.


Here is the Syntax of the command: 

tcpdump -nn -v -i <NIC_INTERFACE> -s 1500 -c 1 'ether[20:2] == 0x2000' 

Example:

testsrv1:~ # tcpdump -nn -v -i eth3 -s 1500 -c 1 'ether[20:2] == 0x2000'
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 1500 bytes
03:25:22.146564 CDPv2, ttl: 180s, checksum: 692 (unverified), length 370
   Device-ID (0x01), length: 11 bytes: 'ch-bx48-sw13' 
   Address (0x02), length: 13 bytes: IPv4 (1) 192.168.1.15
   Port-ID (0x03), length: 15 bytes: 'FastEthernet0/7' 
   Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch, IGMP snooping
   Version String (0x05), length: 220 bytes:
   Cisco Internetwork Operating System Software
   IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)
   Copyright (c) 1986-2003 by cisco Systems, Inc.
   Compiled Tue 02-Sep-03 03:33 by antonino
   Platform (0x06), length: 18 bytes: 'cisco WS-C2950T-24'
   Protocol-Hello option (0x08), length: 32 bytes:
   VTP Management Domain (0x09), length: 6 bytes: 'ecomrd'
   Duplex (0x0b), length: 1 byte: full
   AVVID trust bitmap (0x12), length: 1 byte: 0x00
   AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
1 packets captured
2 packets received by filter
0 packets dropped by kernel
testsrv1:~ #

In the above example, The network switch name and Port connected are highlighted. Hope this will be helpful :)