This is our old Q&A Site. Please post any new questions and answers at


I am using Dell Latitude E6400, and my Wireshark version is version 1.6.7. When I try to capture through my interface, CDP packets are missing. It shows other multicast packets like HSRP, OSPF. What may be the reason and how to solve it?

I am using Symantec End Point.

asked 04 Jun '12, 21:47

afsal's gravatar image

accept rate: 0%

edited 16 Jun '12, 19:55

cmaynard's gravatar image

cmaynard ♦♦

To know something is missing, you need to know that it was there to begin with. So lets start by verifying that CDP is indeed enabled on the port you are connected to. Could you run the command "sh cdp int <interface-to-your-dell>"? It should give you details like this:

c2950#sh cdp int fa0/1
FastEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

Then capture long enough to see the actual packets. In my case I need to capture more than 60 seconds. You can use the capture filter "ether host 01:00:0c:cc:cc:cc" to capture only CDP packets.

If the packets are still missing in the capture, then maybe some software on your laptop is blocking those packets to get to WinPcap/Wireshark. You may want to check with a linux live-CD and tcpdump to see if the packets indeed arrive on your port.

permanent link

answered 04 Jun '12, 23:39

SYN-bit's gravatar image

SYN-bit ♦♦
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 04 Jun '12, 21:47

question was seen: 4,591 times

last updated: 16 Jun '12, 19:55

p​o​w​e​r​e​d by O​S​Q​A