Some times, you need to find out which Network switch and switch port are connected to which NIC of the server. In these scenarios, you can use “tcpdump” command in your Linux/UNIX shell to find out network switch and switch port which is connected to a NIC.

Note: The server should have tcpdump installed to use this.

Here is the Syntax of the command: 

tcpdump -nn -v -i <NIC_INTERFACE> -s 1500 -c 1 ‘ether[20:2] == 0x2000‘ 


labserver:~ # tcpdump -nn -v -i eth3 -s 1500 -c 1 ‘ether[20:2] == 0x2000’
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 1500 bytes
03:25:22.146564 CDPv2, ttl: 180s, checksum: 692 (unverified), length 370
Device-ID (0x01), length: 11 bytes: ch-bx48-sw13‘ 
Address (0x02), length: 13 bytes: IPv4 (1)
Port-ID (0x03), length: 15 bytes: FastEthernet0/7‘ 
Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch, IGMP snooping
Version String (0x05), length: 220 bytes:
Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 02-Sep-03 03:33 by antonino
Platform (0x06), length: 18 bytes: ‘cisco WS-C2950T-24’
Protocol-Hello option (0x08), length: 32 bytes:
VTP Management Domain (0x09), length: 6 bytes: ‘ecomrd’
Duplex (0x0b), length: 1 byte: full
AVVID trust bitmap (0x12), length: 1 byte: 0x00
AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
1 packets captured
2 packets received by filter
0 packets dropped by kernel
labserver:~ #

In the above example, The network switch name and Port connected are highlighted.