
Some computers do not capture CDP Info when it's there

Open TrevorW7 opened this issue 4 months ago • 0 comments

Below shows the results of trying to capture CDP info and it's failing on all interfaces for particular servers.

PS C:\Windows\system32> Invoke-DiscoveryProtocolCapture -NoCleanup -Verbose
VERBOSE: ParameterSetName: LocalCapture
VERBOSE: TargetComputer: SERVERNAME
VERBOSE: ETLFilePath: C:\Users\Username\AppData\Local\Temp\tmp201.etl
VERBOSE: Found file c:\users\Username\appdata\local\temp\tmp201.etl
WARNING: No discovery protocol packets captured on SERVERNAME in 62 seconds.

PS C:\Windows\system32> 

If I run Wireshark the CDP packets are there (screenshot: CDP Packets Example).

If I try to run etl2pcapng.exe on the tmp201.etl file to convert it to Wireshark format, it errors out with "Opentrace failed with 2".

However, if I capture my own packets:

netsh trace start capture=yes IPv4.Address=10.70.65.209 tracefile=C:\Users\Username\AppData\Local\Temp\Trace.etl

Then wait 60+ seconds and stop the trace, I can convert the etl file to a pcapng file and I can open it in Wireshark and see the packets.

Hoping I might be able to help resolve why these captures fail on some servers, but not others. Clearly, the packets are there and they can be captured.

TrevorW7, Feb 14 '24 19:02
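The manual workaround in the issue (start a netsh trace, wait past one CDP advertisement interval, stop, convert with etl2pcapng) as a PowerShell function. This is an added example, not code from the issue or from the PSDiscoveryProtocol project; it assumes an elevated session, that etl2pcapng.exe is on PATH (or passed via -Etl2PcapNg), and that the address and duration are placeholders you adjust. It also checks that the ETL file exists and is non-empty before converting, which the one-off commands in the issue do not.

```powershell
# Added example (not part of the issue or the PSDiscoveryProtocol module).
# Assumptions: elevated PowerShell; etl2pcapng.exe on PATH or given via -Etl2PcapNg;
# -IPv4Address and -DurationSeconds are placeholders to adjust for your host.
function Invoke-ManualDiscoveryCapture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $IPv4Address,                  # e.g. 10.70.65.209 as in the issue
        [int]    $DurationSeconds = 70,                                 # CDP advertises every 60 s by default; wait longer than one interval
        [string] $TraceFile = (Join-Path $env:TEMP 'Trace.etl'),
        [string] $Etl2PcapNg = 'etl2pcapng.exe'
    )

    # Same netsh packet capture the issue uses for the manual workaround.
    netsh trace start capture=yes "IPv4.Address=$IPv4Address" "tracefile=$TraceFile" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

    try {
        Write-Verbose "Capturing for $DurationSeconds seconds ..."
        Start-Sleep -Seconds $DurationSeconds
    }
    finally {
        # Always stop the trace; otherwise the session keeps running and the ETL stays locked.
        netsh trace stop | Out-Null
    }

    # A missing or zero-byte ETL is one reason a later conversion can fail, so check before converting.
    $etl = Get-Item -LiteralPath $TraceFile -ErrorAction Stop
    if ($etl.Length -eq 0) { throw "Trace file $TraceFile is empty" }

    # Convert to pcapng exactly as done by hand in the issue.
    $pcapng = [System.IO.Path]::ChangeExtension($TraceFile, '.pcapng')
    & $Etl2PcapNg $TraceFile $pcapng
    if ($LASTEXITCODE -ne 0) { throw "$Etl2PcapNg failed with exit code $LASTEXITCODE" }

    # Return the pcapng file so the caller can open it in Wireshark.
    Get-Item -LiteralPath $pcapng
}

# Usage (placeholder address; replace with the address of the interface to capture on):
# Invoke-ManualDiscoveryCapture -IPv4Address 10.70.65.209 -Verbose
```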