PSDiscoveryProtocol not working with NetAdapter Team Members

Question

PSDiscoveryProtocol not working with NetAdapter Team Members

Closed this issue 9 months ago · 12 comments

Hi,

I've been trying to get LLDP or CDP Data for NICs that a part of a team, however it only returns data for the virtual NIC on the team itself (where I would not expect data at all), not for the actual physical team members (where I would expect data).
This seems to come from the fact that NetEventSession isn't returning any events for the physical team members. I tried all combinations of the switches it has but can't seem to capture data for it.
Wireshark for example captures the data just fine, same for LDWin (which uses tcpdump.exe), but NetEventSession doesn't see it.

Do you got any idea? I've tested it on a bunch of servers with the normal Lbfo Teams and the new Hyper-V Switch Embedded Teams but none of them seems to capture data for the underlying NICs.

Answer 1 · 2024-02-02T19:46:50.000Z

If you can successfully capture LLDP or CDP using NetEventPacketCapture then I can probably get it to work in PSDiscoveryProtocol, but I don't have any way of testing.

Answer 2 · 2024-02-02T20:48:05.000Z

Today I couldn't get it captured using NetEventpackageCapture but I'll try again on monday, maybe a fresh start helps..

Answer 3 · 2024-02-07T19:45:43.000Z

I am not sure if this was fixed or its just not an issue for me. We have hundreds of servers with Teaming enabled. This module is collecting CDP info correctly for me (mostly).

However, I also agree its also collecting CDP info for the Team adapters which doesn't make sense. Only the member adapters for a Team adapter are actually connected. The Team adapter has the actual IP settings, but it doesn't directly connect to any equipment.

I made a change that appropriately removes Team adapters. Within the "Invoke-DiscoveryProtocolCapture" function and I made the following changes:

In this section/area of code in the function, it was this:

 $Adapters = Get-NetAdapter @CimSession | Where-Object { $_.Status -eq 'Up' -and $_.InterfaceType -eq 6 } | Select-Object Name, MacAddress, InterfaceDescription, InterfaceIndex
            
if ($Adapters) {
    MACAddresses = $Adapters.MacAddress.ForEach({ [PhysicalAddress]::Parse($_).ToString() })
    $SessionName = 'Capture-{0}' -f (Get-Date).ToString('s')
    .###...etc....###

And I changed it to this:

 $Adapters = Get-NetAdapter @CimSession | Where-Object { $_.Status -eq 'Up' -and $_.InterfaceType -eq 6 } | Select-Object Name, MacAddress, InterfaceDescription, InterfaceIndex
            
#Remove Team Adapters (they don't have CDP Info)
$teamAdapters = (Get-NetLbfoTeam @CimSession).Name

$cleanList = @()
foreach ($Adapter in $Adapters) {
     if($Adapter.Name -notin $teamAdapters){$cleanList += $Adapter}
}
$Adapters = $cleanList
if ($Adapters) {
    MACAddresses = $Adapters.MacAddress.ForEach({ [PhysicalAddress]::Parse($_).ToString() })
    $SessionName = 'Capture-{0}' -f (Get-Date).ToString('s')
    .###...etc....###

Essentially, I just get the name of the Team adapters using the "Get-NetLbfoTeam" function and remove them from the $Adapters array. Now it only returns valid adapters.

Answer 4 · 2024-02-07T20:25:18.000Z

Hey @TrevorW7,

so you're saying you do get results for adapters that are part of a team? I've been trying again on monday but to no avail. It seems to be caused by the fact that NetEventPacketCapture is returning nothing for them.

Answer 5 · 2024-02-07T20:35:05.000Z

Yes, I am collecting CDP info from the adapters that are members of teams without issue. Only minimum requirement I have found so far is PowerShell 5.1 or higher. We have servers that only have PS 4.0 and they won't work at all, which makes sense to me. Just need to updates PS.

Answer 6 · 2024-02-07T22:49:06.000Z

Ok, then I'll try to reproduce the behavior I'm seeing on a non domain server - must be something in our environment then.
What I noticed netsh trace didn't find the packets while pktmon did.

Answer 7 · 2024-02-08T08:51:29.000Z

@TrevorW7 I just tried to reproduce it on a non domain machine, same observation. However what I just noticed: It seems to work for Teams that are configured switch independent, while it does not work for LACP teams.
Are your teams all switch independent by chance?

Answer 8 · 2024-02-08T13:00:22.000Z

Nearly all the Teaming we have is setup with multiple switches using LACP. Are you using Cisco switches or another brand that should support CDP? Are the switches older or newer (I.e. using CDP 1 or 2)? Our switches are relatively new Cisco switches using CDP 2. If we use Wireshark portable, filtering on "cdp" shows the CDP packets within 60 seconds every time.

Answer 9 · 2024-02-08T13:07:00.000Z

What do you get when you type "show cdp" in the switch? Is is set to send every 60 seconds? Hold time is 180 seconds? Encapsulation is ARPA? CDPv2 is enabled? Using "show interface" shows the interface and the protocol is up? Correct?

Answer 10 · 2024-02-08T14:19:00.000Z

Yes, cdp is set to send all 60 seconds. I can neither capture lldp nor cdp using this module (via NetEventPacketCapture). It does work via pktmon and wireshark through, I can see both CDP and LLDP there.
Might be the same as #29, however he is indicating that he can see them using net sh trace which doesn't work for me either.

Answer 11 · 2024-02-08T14:28:21.000Z

Not sure what to say. If you say NetEventPacketCapture isn't working, that isn't a problem with the author's code. If it were me, I'd open a case with Microsoft. It's working great for me and I'm loving that I don't have to install anything on the servers where I need to collect CDP info. Alternatives are tshark, tcpdump, or pktmon.

Answer 12 · 2024-02-08T15:23:54.000Z

Yes, agreed. This is not an issue with this module. I'll close the case off, not sure if I go for a Microsoft case through, given the average time needed to get the case to someone that understands the issue.