Capture LLDP packets using tcpdump

tcpdump packet-capture
udaya picture udaya · Aug 7, 2013 · Viewed 38.2k times · Source

What is the format to capture LLDP packets on an interface using tcpdump?

I tried the following format but it dint work:

tcpdump -w test.pcap -i eth0 lldp -vv

Answer

user862787 picture user862787 · Aug 7, 2013 
tcpdump -w test.pcap -i eth0 ether proto 0x88cc

The Ethernet type for LLDP is 0x88cc, so the filter to see only LLDP packets is ether proto 0x88cc.

-v is useful when used with -w to print a short count of packets matched, like this: Got 11.

-w means "write the raw packets to the file, and don't print anything"; -v means "print verbosely", so ostensibly the arguments don't make sense together but with -w, the -v option provides some utility.

Related questions

Capture incoming traffic in tcpdump

In tcpdump, how can I capture all incoming IP traffic destined to my machine? I don't care about my local traffic. Should I just say: tcpdump ip dst $MyIpAddress and not src net $myIpAddress/$myNetworkBytes ... or am I missing something?

Read More
How to filter MAC addresses using tcpdump?

I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some mac addresses. To do this I tried to run the command using a syntax similar to …

Read More
how wireshark marks some packets as "tcp segment of a reassembled pdu"

I opened a pcap in wireshark and it displays a lot of packets as "tcp segment of a reassembled pdu". How wireshark is able to determine which tcp packets are segments of a reassembled pdu ? I am not able to …

Read More