So I'm having a strange issue trying to capture CDP packets. I wrote my own light weight application utilizing the wpcap.dll and built a filter and a parser everything was working fine until I started testing with other computers. It was then I figured out that my application will NOT capture CDP packets if wire shark is not running.
It is capturing an parsing packets fine I can see them scrolling by but I never get a CDP hit. My switches are set to advertise every 60 seconds but I can leave my program open for 10 mins and then open wireshark and get a CDP packet. If I close Wireshark I no longer see the CDP packets.
I'm using the filter 'ether[20:2] == 0x2000' looking for type '0x01E3'
