Whilst the CCNA Security exam recommends disabling CDP in the production environment, I felt it didn’t really explain in depth why it’s a good idea. I mean sure, they mention that information about the device is leaked, but what information exactly is leaked? I ran a wireshark capture to find out!

 

CDP

 

I think the above screenshot of the CDP message explains it enough… You can see the native VLAN, which can be used in VLAN hopping attacks, the local subnet in use, in my case a standard /24 is used and you get extremely valuable information about the operating version of the IOS router itself!

About The Author

Timothy started his networking career in 2014, working for one of the largest telecommunication operators in Australia. He has a passion for networking and cyber security. When he's not working, he's obsessing over German Shepherd Dogs.