A *short* overview on passive network fingerprinting using CDP
--------------------------------------------------------------
(08. June 2006-fix3)

by Steffen Wendzel, www.wendzel.de

The Cisco Discovery Protocol (CDP) is a well-known protocol implemented in
most Cisco routers. The protocol operates on OSI layer 2 and is used to
find out which CDP-compatible systems are directly connected to an
interface.

detecting the network device
- - - - - - - - - - - - - - -

CDP is not only used by routers; it is also used on other network devices
(such as bridges). By listening for CDP messages, an observer can detect
the sender's network device type:

CDP capability value      network device
---------------------------------------------
0000001                   router
0000010                   transparent bridge
0000100                   source route bridge
0001000                   switch
0010000                   host
0100000                   IGMP capable
1000000                   repeater

detecting vendor, device name and O.S.
- - - - - - - - - - - - - - - - - - - -

Additionally, CDP provides further useful information, including the
device ID, which reveals more about the device and the vendor. Also
included are the address(es) of the host (including IP addresses) as well
as the software version and platform, which give a detailed picture of the
system. Possible values look like:

Software Version          0x5
Platform                  HP 2524

On Cisco systems one can use 'show cdp neighbors' to get information about
nearby CDP hosts, but one can also use ``Ethereal'' and the like to capture
CDP packets in other operating environments.
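
The fields described above can be decoded from a captured CDP payload, which is a quick way to audit what a device announces to everyone on its segment. This is an added example, not part of the original overview: the header layout and TLV type codes follow the published CDP format, and the sample payload (device name included) is constructed.

```python
import struct

# Capability bits as listed in the table above.
CAPABILITIES = {0x01: "router", 0x02: "transparent bridge", 0x04: "source route bridge",
                0x08: "switch", 0x10: "host", 0x20: "IGMP capable", 0x40: "repeater"}
# TLV type codes of the CDP fields this overview mentions.
TLV_NAMES = {0x0001: "device_id", 0x0005: "software_version", 0x0006: "platform"}
TLV_CAPABILITIES = 0x0004


def decode_capabilities(mask):
    """Return the device roles encoded in a CDP capabilities bitmask."""
    return [name for bit, name in sorted(CAPABILITIES.items()) if mask & bit]


def parse_cdp(payload):
    """Parse a CDP payload (the bytes after the LLC/SNAP header) into a dict."""
    if len(payload) < 4:
        raise ValueError("CDP header truncated")
    version, ttl, _checksum = struct.unpack_from("!BBH", payload, 0)
    info = {"version": version, "ttl": ttl}
    offset = 4
    while offset + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # The length field covers the 4-byte TLV header; reject bad lengths.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError("malformed TLV at offset %d" % offset)
        value = payload[offset + 4:offset + tlv_len]
        if tlv_type == TLV_CAPABILITIES and len(value) == 4:
            info["capabilities"] = decode_capabilities(struct.unpack("!I", value)[0])
        elif tlv_type in TLV_NAMES:
            info[TLV_NAMES[tlv_type]] = value.decode("ascii", "replace")
        offset += tlv_len
    return info


def tlv(tlv_type, value):
    """Build one TLV (used only to construct the sample below)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


# Constructed sample payload: checksum zeroed, values invented for illustration.
SAMPLE = (struct.pack("!BBH", 2, 180, 0)
          + tlv(0x0001, b"lab-switch-01")
          + tlv(0x0004, struct.pack("!I", 0x28))
          + tlv(0x0006, b"HP 2524"))

if __name__ == "__main__":
    print(parse_cdp(SAMPLE))
```

Every field printed here is sent in cleartext to the local segment, so the same output shows what disabling CDP on user-facing ports would stop disclosing.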