Skip to content

SwampSec/dtpscan-windows

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
DTPScan.ps1
DTPScan.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dtpscan.sh
dtpscan.sh
 
 

Repository files navigation

DTPScan (PowerShell Port for Windows)

DTPScan is a Windows PowerShell port of the original Bash-based VLAN DTP scanner by Daniel Compton. It passively listens for Dynamic Trunking Protocol (DTP) packets to detect VLAN hopping vulnerabilities on Cisco switches.

This version works entirely on Windows and uses tshark (included with Wireshark) for packet sniffing.

Features

  • Sniffs DTP traffic to identify trunking mode
  • Detects auto, desirable, trunk, access, and other common DTP states
  • Fully passive — no packets are sent
  • CLI-only, suitable for security assessments and red team labs

Requirements

  • Wireshark installed with tshark (CLI capture tool)
  • PowerShell (tested on Windows 10/11 with PowerShell 5.1+)
  • Admin privileges (to capture packets from interfaces)

Installation

  1. Install Wireshark

    • Ensure you check "Install TShark" during setup
    • Also install Npcap when prompted

  2. Add Wireshark to your system PATH:

    • Add this to your PATH if not already: 
      C:\Program Files\Wireshark

  3. Clone this repository:

    git clone https://github.com/SwampSec/dtpscan-windows.git
cd dtpscan-windows

Usage

  1. Open PowerShell as Administrator
  2. Run the script: 
    .\DTPScan.ps1
  3. When prompted, choose the correct interface number (you can run tshark -D to list them ahead of time)

Example Output

[+] DTP was found enabled in mode 'switchport mode dynamic desirable'.
[+] VLAN hopping should be possible.

If DTP is not detected:

[!] No DTP packets were found. DTP is probably disabled and in 'switchport nonegotiate' mode.

DTP Mode Codes Detected

DTP Mode Code Meaning VLAN Hopping?
0x03 Dynamic Auto (default) ✅ Possible
0x83 / 0x04 Dynamic Desirable ✅ Possible
0x84 Dynamic Auto ✅ Possible
0x81 Trunk ❌ Not Possible
0x02 Access ❌ Not Possible
0xa5 Trunk (802.1Q encapsulation forced) ❌ Not Possible
0x42 Trunk (ISL encapsulation forced) ❌ Not Possible

Notes

  • This script only tests the port you're connected to
  • Just because one port blocks DTP doesn't mean others do
  • Useful in red team or lab environments to validate switch misconfigurations

Legal Disclaimer

This tool is intended for educational and authorized security testing purposes only.
Unauthorized use on networks you do not own or have permission to test is strictly prohibited.

Credit

About

No description, website, or topics provided.

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages