PSDiscoveryProtocol
Some computers do not capture CDP Info when it's there
Below shows the results of trying to capture CDP info and it's failing on all interfaces for particular servers.
PS C:\Windows\system32> Invoke-DiscoveryProtocolCapture -NoCleanup -Verbose
VERBOSE: ParameterSetName: LocalCapture
VERBOSE: TargetComputer: SERVERNAME
VERBOSE: ETLFilePath: C:\Users\Username\AppData\Local\Temp\tmp201.etl
VERBOSE: Found file c:\users\Username\appdata\local\temp\tmp201.etl
WARNING: No discovery protocol packets captured on SERVERNAME in 62 seconds.
PS C:\Windows\system32>
If I run Wireshark the CDP packets are there:
If I try to run etl2pcapng.exe on the tmp201.etl file to convert it to Wireshark format, it errors out with "Opentrace failed with 2".
However, if I capture my own packets:
netsh trace start capture=yes IPv4.Address=10.70.65.209 tracefile=C:\Users\Username\AppData\Local\Temp\Trace.etl
Then wait 60+ seconds and stop the trace, I can convert the etl file to a pcapng file and I can open it in Wireshark and see the packets.
Hoping I might be able to help resolve why these captures fail on some servers, but not others. Clearly, the packets are there and they can be captured.
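As an added helper for comparing the two capture paths on the same host (not part of PSDiscoveryProtocol and not from the issue author), the script below runs the manual netsh trace workaround described above end to end: start the trace with the IPv4 address filter, wait past one CDP advertisement interval, stop, convert with etl2pcapng, and fail loudly if either the trace file is missing or the conversion errors out. It assumes an elevated PowerShell session, that etl2pcapng.exe is on PATH (or its path is passed in -Etl2PcapngPath), and that the address passed in is the interface being diagnosed; the function and parameter names are mine.

```powershell
# Added reproduction helper (not PSDiscoveryProtocol code): runs the manual
# netsh trace workaround from the issue so its result can be compared with
# Invoke-DiscoveryProtocolCapture on the same server.
# Assumptions: elevated session; etl2pcapng.exe on PATH or given via -Etl2PcapngPath.
function Invoke-ManualCdpTrace {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $IPv4Address,
        # CDP advertises every 60 s by default, so wait a little longer than that.
        [int] $DurationSeconds = 65,
        [string] $Etl2PcapngPath = 'etl2pcapng.exe',
        [string] $EtlPath = (Join-Path $env:TEMP 'ManualCdpTrace.etl')
    )

    $pcapngPath = [System.IO.Path]::ChangeExtension($EtlPath, '.pcapng')
    Remove-Item $EtlPath, $pcapngPath -ErrorAction SilentlyContinue

    # Same netsh invocation as in the issue, with address and file path parameterised.
    $startOutput = & netsh trace start capture=yes "IPv4.Address=$IPv4Address" "tracefile=$EtlPath" 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace start failed (exit $LASTEXITCODE): $startOutput"
    }

    try {
        Write-Verbose "Capturing for $DurationSeconds seconds..."
        Start-Sleep -Seconds $DurationSeconds
    }
    finally {
        # Stopping can take a while because netsh merges the trace; always do it.
        & netsh trace stop | Out-Null
    }

    if (-not (Test-Path $EtlPath)) {
        throw "Trace file $EtlPath was not written."
    }

    # Convert with etl2pcapng; a non-zero exit is the "Opentrace failed" class of error from the issue.
    $convertOutput = & $Etl2PcapngPath $EtlPath $pcapngPath 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "etl2pcapng failed (exit $LASTEXITCODE): $convertOutput"
    }

    [pscustomobject]@{
        EtlPath     = $EtlPath
        EtlBytes    = (Get-Item $EtlPath).Length
        PcapngPath  = $pcapngPath
        PcapngBytes = (Get-Item $pcapngPath).Length
    }
}

# Usage (address taken from the issue): Invoke-ManualCdpTrace -IPv4Address 10.70.65.209 -Verbose
```

Open the resulting .pcapng in Wireshark and filter on cdp; if frames are present here but Invoke-DiscoveryProtocolCapture still reports none on the same server, the difference lies in how the module's own trace is started or read, not in the network.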