VoIP Hopper http://snapvoip.blogspot.com/
VoIP Hopper is intended for network engineers, VoIP administrators, and professional security testers to assess the security of networks they have permission to test / assess. Even though VoIP Hopper is a VoIP infrastructure security testing tool, it could effectively be used to test the security status of VLANs as well.
The tool is GPLv3 licensed and is written in C. One needs a Linux based system, a C compiler and good old libpcap to make and run. The tool is designed to run a VLAN Hop into the Voice VLAN on targeted Ethernet switches. VoIP Hopper mimics an IP Phone, in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. IP Phone emulation requires discovery of the correct 12 bit Voice VLAN ID (VVID) used by the IP Phones and is accomplished via multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP). Once the initial stem is accomplished, VoIP Hopper creates a virtual VoIP Ethernet interface on the OS. It then inserts a spoofed 4-byte 802.1q vlan header containing the 12 bit VVID into a spoofed DHCP request. Once it receives an IP address in the VoIP VLAN subnet, all subsequent Ethernet frames are "tagged" with the spoofed 802.1q header.
There are many uses of the tool for a VoIP engineer or professional and needs to invest some time learning the tool. VoIP Hopper site provides a swath of information, including code download, instructions and video tutorials (Of on which is embedded below). Happy ethical hacking.