Some computers do not capture CDP Info when it's there #34

Open
TrevorW7 opened this issue Feb 14, 2024 · 0 comments

Below shows the results of trying to capture CDP info and it's failing on all interfaces for particular servers.

PS C:\Windows\system32> Invoke-DiscoveryProtocolCapture -NoCleanup -Verbose
VERBOSE: ParameterSetName: LocalCapture
VERBOSE: TargetComputer: SERVERNAME
VERBOSE: ETLFilePath: C:\Users\Username\AppData\Local\Temp\tmp201.etl
VERBOSE: Found file c:\users\Username\appdata\local\temp\tmp201.etl
WARNING: No discovery protocol packets captured on SERVERNAME in 62 seconds.

PS C:\Windows\system32> 

If I run Wireshark the CDP packets are there:
(screenshot: CDP Packets Example)

If I try to run etl2pcapng.exe on the tmp201.etl file to convert it to Wireshark format, it errors out with "Opentrace failed with 2"

However, if I capture my own packets:

netsh trace start capture=yes IPv4.Address=10.70.65.209 tracefile=C:\Users\Username\AppData\Local\Temp\Trace.etl

Then wait 60+ seconds and stop the trace, I can convert the etl file to a pcapng file and I can open it in Wireshark and see the packets.

Hoping I might be able to help resolve why these captures fail on some servers, but not others. Clearly, the packets are there and they can be captured.
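The manual capture-and-convert workaround described in the report, wrapped in a PowerShell function as an added example; it is not part of the project's code or the reporter's. It assumes an elevated session (netsh trace needs it) and that etl2pcapng.exe is on PATH or given via -Etl2PcapngPath.

```powershell
# Added example, not project code: start a netsh packet trace on one IPv4
# address (as in the issue), wait for at least one CDP advertisement, stop
# the trace, and convert the ETL to pcapng for Wireshark.
function Invoke-ManualCdpCapture {
    [CmdletBinding()]
    param(
        # Local interface address to capture on (10.70.65.209 in the report)
        [Parameter(Mandatory)] [string] $IPv4Address,
        # CDP advertises every 60 s by default, so wait a little longer
        [int] $Seconds = 70,
        [string] $EtlPath = (Join-Path $env:TEMP 'Trace.etl'),
        # Assumed location of the converter; adjust if installed elsewhere
        [string] $Etl2PcapngPath = 'etl2pcapng.exe'
    )

    # A leftover trace file from an earlier run would be reused; remove it.
    if (Test-Path $EtlPath) { Remove-Item $EtlPath -Force }

    # Same command as in the report, parameterised.
    & netsh trace start capture=yes "IPv4.Address=$IPv4Address" "tracefile=$EtlPath" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

    try {
        Write-Verbose "Capturing on $IPv4Address for $Seconds seconds"
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Always stop the trace so the ETL file is finalised and released.
        & netsh trace stop | Out-Null
    }

    $PcapngPath = [System.IO.Path]::ChangeExtension($EtlPath, '.pcapng')
    & $Etl2PcapngPath $EtlPath $PcapngPath
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $PcapngPath)) {
        throw "etl2pcapng conversion failed (exit code $LASTEXITCODE)"
    }

    # Return the pcapng path so the caller can open it in Wireshark.
    return $PcapngPath
}

# Usage: Invoke-ManualCdpCapture -IPv4Address 10.70.65.209 -Verbose
```

Comparing the frames in the resulting pcapng with what Invoke-DiscoveryProtocolCapture reports on the same host narrows the problem to either the module's own trace session or its ETL parsing.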
