Capture CDP packets and populate WMI for SCCM

This little gem I wrote listens on all interfaces of a computer for CDP packets. Once it has looped through all the interfaces, any packets it has captured are processed and added to WMI.

Using the attached SMS_DEF.mof we can extract that information and place it in SCCM. Anyone who knows what CDP is will see the benefit immediately. For the rest: Cisco devices send out CDP (Cisco Discovery Protocol) packets every 60 seconds, and each packet contains information about the sender and the port it was sent from. In a nutshell, if my computer receives a packet then I can tell which switch I am connected to, which port on that switch, and a few other bits and bobs about the switch. For example, in a test environment I have a Cisco switch which connects to a Cisco IP phone which then connects to my computer; when the exe runs I get two entries in WMI, one for the phone and one for the switch.
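To show what such a packet looks like on the wire, here is an added example (not the cdptowmi source) that parses the Device ID, Port ID and Platform TLVs out of one captured frame. The sample frame and its values are constructed, the function names are hypothetical, and the CDP checksum is not verified. Because the listener runs as administrator on input from the network, every length field is checked before use.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")       # CDP multicast destination address
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP header: Cisco OUI, PID 0x2000
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0006: "platform"}

def parse_cdp(frame: bytes) -> dict:
    """Return selected TLVs of one CDP frame; raise ValueError if malformed."""
    # 14-byte 802.3 header + 8-byte LLC/SNAP + 4-byte CDP header
    if len(frame) < 26 or frame[:6] != CDP_MAC or frame[14:22] != SNAP_CDP:
        raise ValueError("not a CDP frame")
    # The 802.3 length field bounds the payload; anything after it is padding.
    end = 14 + struct.unpack_from("!H", frame, 12)[0]
    if end < 26 or end > len(frame):
        raise ValueError("bad 802.3 length")
    out = {"version": frame[22], "ttl": frame[23]}  # checksum at 24..25 not verified
    pos = 26
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        # tlv_len includes the 4-byte TLV header, so it can never be below 4,
        # and it must not point past the end of the payload.
        if tlv_len < 4 or pos + tlv_len > end:
            raise ValueError("bad TLV length")
        name = TLV_NAMES.get(tlv_type)
        if name:
            out[name] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len
    return out

def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample() -> bytes:
    """Constructed sample frame; the switch name and port are made up."""
    body = bytes([2, 180, 0, 0])  # version 2, TTL 180 s, checksum left as zero
    body += _tlv(1, b"lab-switch-01") + _tlv(3, b"GigabitEthernet0/7")
    body += _tlv(6, b"cisco WS-C2960")
    payload = SNAP_CDP + body
    src = bytes.fromhex("020000000001")  # constructed source MAC
    return CDP_MAC + src + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    print(parse_cdp(build_sample()))
```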

The use case is that the helpdesk may not know where a user is physically or where they are connected to the network, and the user may be experiencing network issues. This would allow a helpdesk tech to locate the switch port the user is connected to and pass that info to the network team for troubleshooting, saving both parties the hassle of tracing cables. It also allows reporting on where a user is plugging in over a period of time.

There is still a bit to be done for this but it does generally work.

If you find this useful please feel free to Donate.. ;)

Requirements:

  • WinPCap: this needs to be installed on all machines this program runs on. Sorry, but MS don’t let you get low enough to capture the raw packets.
  • The application needs to be run as administrator (so it has access to the NIC and can edit WMI). I’ll try and fix this at a later date if I really must.

Todo:

  • Pre-built binary: I’ve added a binary to the downloads section.
  • Allow commandline config options
  • Generate SMS_DEF.MOF
  • Cleanup code

Link: http://sourceforge.net/projects/cdptowmi/

4 thoughts to “Capture CDP packets and populate WMI for SCCM”

  1. This is awesome. Huge potential use case at a helpdesk. I will certainly keep an eye on this application.

    Would a scheduled job running as admin do the trick, or perhaps install it as a service now that you made a binary?
