Skip to content

What To Do If LDWin Captures No Data

Jump to bottom Edit New page
Chris Hall edited this page Apr 9, 2014 · 3 revisions

Effectively LDWin is a Windows GUI wrapper to a command line application called tcpdump.exe. To double check that you are definitely not receiving link data (the normal cause of LDWin returning "NO LINK DATA FOUND ... !") you can run tcpdump.exe manually from a windows command prompt opened as an administrator (See Microsoft Technet for details).

How To Run tcpdump.exe Manually

  1. Download tcpdump from here: https://www.github.com/chall32/LDWin/blob/master/tcpdump.exe

  2. Open an administrative command prompt, change directory to the folder containing tcpdump.exe and run the following:

    3. tcpdump.exe -D

  3. This will list the network adapters in your system. For example, when running tcpdump.exe -D, I receive the following information:

    4. 1. \Device\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
    2. \Device\NdisWanBh (WAN Miniport (Network Monitor))
    3. \Device\{6935456A-389E-427F-80DC-1C1E192660DD} (Intel(R) PRO/1000 MT Network Connection

  4. Armed with this information, you need to pick out the number of the device you wish to use to capture link data. Using the example above, I want to be listening on adapter number 3, my Intel PRO/1000 MT Network Connection. Yours will undoubtedly be different!

  5. Run the following command replacing `XadapterX` with your adapter number:

    6. tcpdump -i XadapterX -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ether[20:2]==0x2000)

    Using my example above, I would run the following:

    tcpdump -i 3 -nn -v -s 1500 -c 1 (ether[12:2]==0x88cc or ether[20:2]==0x2000)

  6. If there is any link data to be gleaned, it will be displayed and you will be retuned to the command prompt. If you are not (and you have given tcpdump.exe a good 2 or 3 minutes to run) then hit CTRL-C to quit tcpdump.exe. Unfortunately there is no link data to be found.

If tcpdump does return data however, please let me have the FULL output. Feel free change hostnames, IP addresses, MAC addresses etc. I'm not interested in those. What I am interested in however is the types of information returned. For example device model, device vendor, port information, etc, etc.

Please let me have this info by creating an LDWin issue ticket here, pasting your tcpdump.exe output into the ticket. I can then endeavour to code LDWin to pick up on this returned information and return it to the GUI, thus making LDWin better for everyone!

Further Reading

So what is the syntax of that tcpdump.exe command? Here you go:
  • -i = interface number
  • -nn = not resolving dns or port numbers
  • -v = verbose mode
  • -s 1500 = snagging up to 1500 bytes of the CDP or LLDP packet
  • -c 1 = capture one packet before exiting
  • ether[12:2]==0x88cc = checking bytes 12 and 13 from the start of the Ethernet header for a value of 2000 (hex) to capture LLDP broadcast information
  • ether[20:2]==0x2000 = checking bytes 20 and 21 from the start of the Ethernet header for a value of 2000 (hex) to capture CDP broadcast infromation
Add a custom footer
Add a custom sidebar
Clone this wiki locally