lahell

@AlpSantoGlobalMomentumLLC Try to run `Invoke-DiscoveryProtocolCapture -NoCleanup -Verbose`. You should get a line like `VERBOSE: ETLFilePath: C:\Users\username\AppData\Local\Temp\tmpAB12.etl`. Download [etl2pcapng](https://github.com/microsoft/etl2pcapng), use it to convert the etl to pcapng and open the pcapng...

What you see in Wireshark is DTP frames. Not CDP or LLDP. Don’t know why the other tool is able to capture the LLDP frames. Are you able to capture...

@AlpSantoGlobalMomentumLLC Please test capturing using the code below. ``` New-NetEventSession -Name LLDPTest -LocalFilePath C:\Windows\Temp\lldp_test.etl Add-NetEventPacketCaptureProvider -SessionName LLDPTest -TruncationLength 0 -LinkLayerAddress '01-80-c2-00-00-0e', '01-80-c2-00-00-03', '01-80-c2-00-00-00' Get-NetAdapter | Where-Object { $_.Status -eq 'Up'...

@AlpSantoGlobalMomentumLLC You did perform those last captures in an elevated PowerShell window, right?

@AlpSantoGlobalMomentumLLC Maybe if we try to only capture on a single NIC: ``` New-NetEventSession -Name LLDPTest -LocalFilePath C:\Windows\Temp\lldp_test.etl Add-NetEventPacketCaptureProvider -SessionName LLDPTest -TruncationLength 0 -EtherType 0x88cc Add-NetEventNetworkAdapter -Name 'EmbeddedFlexibleLOM1Port4' -PromiscuousMode $True...

@AlpSantoGlobalMomentumLLC You can try to capture CDP/LLDP using netsh trace or pktmon, but if NetEventSession is unable to capture I suspect the other builtin Windows tools will also fail. In...

Closing this as I can't reproduce it and more than a year has gone by without an answer to my last question.

Sorry for the late reply. It is correct that only the first packet will be displayed. That was a design choice. I think none of the packets should be able...

Closed because I cant test this, I need more info and it has been almost a year without an answer.

My understanding is that frames with destination 0180C200000E should never be forwarded. The phone should drop the LLDP frame from the switch.