https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80237#M6166 <P>This looks like another great candidate for <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21670">@HeikoAnkenbrand</a> or <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/687">@Danny</a> to turn into oneliner <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 30 Mar 2020 19:41:48 GMT Vladimir 2020-03-30T19:41:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80229#M6164 <P>hello i'm trying to see where my checkpoint is connected (which physical port)&nbsp;</P><P>the physical port is eth 2 on the checkpoint</P><P>is there a command similar to "show cdp" in checkpoint CLI ?</P> Mon, 30 Mar 2020 18:44:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80229#M6164 nflnetwork29 2020-03-30T18:44:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80234#M6165 <P>&nbsp;</P> <P>Sort of.&nbsp; From the third edition of my book:</P> <LI-SPOILER> <P>Determining the Layer 2 switching path is a little more difficult and may involve<BR />tracing cables. If you are using Cisco switches in your network, from the firewall you<BR />can sniff and decode Cisco Discovery Protocol (CDP) frames from the switch attached to<BR />the firewall with this command:</P> <P><STRONG>tcpdump -vn -s 1500 -i (interface) 'ether[20:2] == 0x2000'</STRONG></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fig16.jpg" style="width: 602px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5238i4BE9A331D0708347/image-size/large?v=v2&amp;px=999" role="button" title="fig16.jpg" alt="fig16.jpg" /></span><BR />Figure 1-6: tcpdump Decode of CDP Traffic</P> <P><BR />From your testing workstation, you can do something similar in Wireshark. Start a<BR />capture on your network interface and use the following filter:</P> <P><BR /><STRONG>eth.dst == 01:00:0c:cc:cc:cc</STRONG></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fig17.jpg" style="width: 559px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5239iD26C6E37A9FD867A/image-size/large?v=v2&amp;px=999" role="button" title="fig17.jpg" alt="fig17.jpg" /></span><BR />Figure 1-7: Wireshark Decode of CDP Traffic</P> <P><BR />The CDP traffic should tell you enough about the locally attached switch to identify<BR />it. Keep in mind that there may be many other switches in the path between your testing<BR />workstation and the firewall depending upon the architecture of your network; you need<BR />to discover them all. If they are Cisco switches and you can obtain command-line access<BR />to them, running the Cisco IOS command <STRONG>show cdp neighbors</STRONG> is helpful for<BR />identifying adjacent switches.</P> <P><BR />Depending on the vendor (and version) of the networking devices used in your<BR />environment, they may be using the IEEE 802.1AB Link Layer Discovery Protocol<BR />(LLDP) instead of CDP. The Cisco command <STRONG>show lldp neighbors</STRONG> is helpful for<BR />identifying adjacent switches; use this command to view and decode LLDP traffic:</P> <P><BR /><STRONG>tcpdump -vn -s 1500 -i (interface) ether proto 0x88cc</STRONG></P> </LI-SPOILER> <P>&nbsp;</P> Mon, 30 Mar 2020 19:36:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80234#M6165 Timothy_Hall 2020-03-30T19:36:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80237#M6166 <P>This looks like another great candidate for <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21670">@HeikoAnkenbrand</a> or <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/687">@Danny</a> to turn into oneliner <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 30 Mar 2020 19:41:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80237#M6166 Vladimir 2020-03-30T19:41:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80238#M6167 really? that seems like its overly complicated lol Mon, 30 Mar 2020 19:44:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80238#M6167 nflnetwork29 2020-03-30T19:44:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80279#M6170 <P>Cisco Discover Protocol is not supported with Check Point.&nbsp;</P> Tue, 31 Mar 2020 07:03:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/80279#M6170 _Val_ 2020-03-31T07:03:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/82849#M6405 <P>There is self-written CDP deamon for Check Point. Works like a charm.<BR /><BR /><A href="https://github.com/oribit/cdpd-cp" target="_blank" rel="noopener">https://github.com/oribit/cdpd-cp</A></P> Wed, 22 Apr 2020 22:04:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/82849#M6405 Maria_Pologova 2020-04-22T22:04:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/144711#M22564 <P>What about LLDP?</P> <P>&nbsp;</P> Thu, 24 Mar 2022 16:10:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/144711#M22564 xsxso 2022-03-24T16:10:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/144743#M22568 <P>Only in R81 and above per&nbsp;<SPAN>sk117676, note the limitations about VSX.&nbsp;</SPAN></P> Thu, 24 Mar 2022 23:14:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/show-cdp/m-p/144743#M22568 Chris_Atkinson 2022-03-24T23:14:09Z