{"id":27498,"date":"2017-04-09T13:23:41","date_gmt":"2017-04-09T11:23:41","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=27498"},"modified":"2017-04-10T08:54:33","modified_gmt":"2017-04-10T06:54:33","slug":"wireshark-layer-2-3-pcap-analysis-w-challenges-ccnp-switch","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/04\/09\/wireshark-layer-2-3-pcap-analysis-w-challenges-ccnp-switch\/","title":{"rendered":"Wireshark Layer 2-3 pcap Analysis w\/ Challenges (CCNP SWITCH)"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/04\/CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722x1024.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27499\" data-permalink=\"https:\/\/mamchenkov.net\/wordpress\/2017\/04\/09\/wireshark-layer-2-3-pcap-analysis-w-challenges-ccnp-switch\/ccnp-switch-lab-sketch-johannes-weber-722x1024\/\" data-orig-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/04\/CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722x1024.jpg?fit=722%2C1024&amp;ssl=1\" data-orig-size=\"722,1024\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722&amp;#215;1024\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/04\/CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722x1024.jpg?fit=660%2C936&amp;ssl=1\" class=\"aligncenter size-medium wp-image-27499\" src=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/04\/CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722x1024-353x500.jpg?resize=353%2C500&#038;ssl=1\" alt=\"\" width=\"353\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/04\/CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722x1024.jpg?resize=353%2C500&amp;ssl=1 353w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/04\/CCNP-SWITCH-Lab-Sketch-Johannes-Weber-722x1024.jpg?resize=722%2C1024&amp;ssl=1 722w\" sizes=\"auto, (max-width: 353px) 100vw, 353px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/blog.webernetz.net\/\">Johannes Weber<\/a>, a networking and security professional, has done <a href=\"https:\/\/blog.webernetz.net\/2017\/03\/29\/wireshark-layer-2-3-pcap-analysis-w-challenges-ccnp-switch\/\">something really cool<\/a> while preparing for his CCNP SWITCH exam. \u00a0He has built a lab with some networking equipment, configured it all, and captured network traffic, featuring a variety of level 2 and 3 protocols. \u00a0He has published his setup, the captured traffic, and a variety of challenges, that helped him to prepare, and which can help others.<\/p>\n<blockquote><p>While preparing for my CCNP SWITCH exam I built a laboratory with 4 switches, 3 routers and 2 workstations in order to test almost all layer 2\/3 protocols that are related to <strong>network management traffic<\/strong>. And because \u201c<a href=\"https:\/\/www.netresec.com\/?page=Blog&amp;month=2014-05&amp;post=PCAP-or-it-didn%27t-happen\" target=\"_blank\">PCAP or it didn\u2019t happen<\/a>\u201d I captured 22 of these protocols to further investigate them with Wireshark. Oh oh, I remember the good old times where I merely used unmanaged layer 2 switches. &#x1f609;<\/p>\n<p>In this blogpost <strong>I am publishing the captured pcap file<\/strong> with all of these 22 protocols. I am further listing <strong>45 CHALLENGES as an exercise for the reader<\/strong>. Feel free to download the pcap and to test your protocol skills with Wireshark! Use the comment section below for posting your answers.<\/p>\n<p>Of course I am running my lab <strong>fully dual-stacked, i.e., with IPv6 and legacy IP<\/strong>.<\/p><\/blockquote>\n<p>I think these are great for several reasons:<\/p>\n<ul>\n<li>A feature-rich and complete networking setup, which is not easily available to everyone.<\/li>\n<li>A fixed set of data (captured network traffic).<\/li>\n<li>Plenty of very specific, testable, and verifiable questions.<\/li>\n<li>Overall, very helpful resource from an experience professional, for anybody who wants to know about networks.<\/li>\n<li>Overall, a great set of questions and challenges for those interviewing networking candidates.<\/li>\n<\/ul>\n<p>The lab setup includes the following:<\/p>\n<blockquote>\n<ul>\n<li>1x Cisco Catalyst <strong>2960<\/strong>, (C2960-LANBASEK9-M), Version 15.0(2)SE9<\/li>\n<li>2x Cisco Catalyst <strong>2950<\/strong>, (C2950-I6K2L2Q4-M), Version 12.1(22)EA14<\/li>\n<li>1x Cisco Catalast <strong>3560<\/strong>, (C3560-IPSERVICESK9-M), Version 12.2(55)SE10<\/li>\n<li>3x Cisco <strong>Router 2811<\/strong>, (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M9<\/li>\n<li>2x old <strong>Notebooks<\/strong>, Dell or somewhat, running either Ubuntu or Knoppix Linux<\/li>\n<\/ul>\n<\/blockquote>\n<p>Personally, I am not very involved with networks these days. \u00a0But even for more me the above setup serves as a reminder of how complex underlying technology infrastructure has got in recent years &#8211; hardware, software, protocols, and all.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>Johannes Weber, a networking and security professional, has done something really cool while preparing for his CCNP SWITCH exam. \u00a0He has built a lab with some networking equipment, configured it all, and captured network traffic, featuring a variety of level 2 and 3 protocols. \u00a0He has published his setup, the captured traffic, and a variety &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/04\/09\/wireshark-layer-2-3-pcap-analysis-w-challenges-ccnp-switch\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Wireshark Layer 2-3 pcap Analysis w\/ Challenges (CCNP SWITCH)<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Wireshark Layer 2-3 pcap Analysis w\/ Challenges (CCNP SWITCH) #networks #Cisco #SysAdmin #protocols #TCPIP","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,133,62],"tags":[2412,281,3296,1108],"keyring_services":[],"class_list":["post-27498","post","type-post","status-publish","format-standard","hentry","category-general","category-sysadmin","category-technology","tag-cisco","tag-networks","tag-protocols","tag-testing"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":22398,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/08\/19\/https-availability-affects-websites-google-ranking\/","url_meta":{"origin":27498,"position":0},"title":"HTTPS availability affects website&#8217;s Google ranking","author":"Leonid Mamchenkov","date":"August 19, 2014","format":false,"excerpt":"Google has been pushing for wider HTTPS adoption for a while now - converting its own services, working on the SPDY\/HTTP 2.0 protocols, etc. \u00a0Now, it seems, they want other people to start adopting HTTPS too. \u00a0And what's better way than add it as a signal to Google Search rankings?\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8054,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/10\/14\/on-instant-messaging\/","url_meta":{"origin":27498,"position":1},"title":"On instant messaging","author":"Leonid Mamchenkov","date":"October 14, 2004","format":false,"excerpt":"Pretty often I get complains from certain people that it is impossible to chat with me online in real-time. The thing is, I do use only two protocols for instant messaging: ICQ and IRC. IRC is by far my favourite one. I like joining a channel or two for a\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9699,"url":"https:\/\/mamchenkov.net\/wordpress\/2005\/11\/23\/daily-del-icio-us-bookmarks\/","url_meta":{"origin":27498,"position":2},"title":"Daily del.icio.us bookmarks","author":"Leonid Mamchenkov","date":"November 23, 2005","format":false,"excerpt":"Shared bookmarks for del.icio.us user tvset on 2005-11-22 del.icio.us: We rock (part 2) -- This post links to the JavaScript source code for del.icio.us mp3 player. Neat stuff. Tagged as: code del.icio.us javascript mp3 music source webdesign Amateur radio -- Wikipedia entry Tagged as: communications ham networking radio wiki wikipedia\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7560,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/06\/09\/p800-updates\/","url_meta":{"origin":27498,"position":3},"title":"P800 updates","author":"Leonid Mamchenkov","date":"June 9, 2004","format":false,"excerpt":"It has been a long time since I checked the SonyEricsson P800 scene. Meanwhile there were plenty software updates and a lot more media content published. I've spent a good deal of today downloading all sorts of sounds and pictures, testing new software products and updating the old ones. Out\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":24806,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/10\/05\/microsoft-has-developed-its-own-linux\/","url_meta":{"origin":27498,"position":4},"title":"Microsoft has developed its own Linux","author":"Leonid Mamchenkov","date":"October 5, 2015","format":false,"excerpt":"The rumor of Microsoft working on its own Linux distribution has been going around for a while. \u00a0Now it's confirmed by Microsoft themselves: The Azure Cloud Switch (ACS) is our foray into building our own software for running network devices like switches. It is a cross-platform modular operating system for\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27632,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/28\/https-on-stack-overflow-the-end-of-a-long-road\/","url_meta":{"origin":27498,"position":5},"title":"HTTPS on Stack Overflow: The End of a Long Road","author":"Leonid Mamchenkov","date":"May 28, 2017","format":false,"excerpt":"Way too often I hear rants from random people (unfortunately, many of them are also from the IT industry, with the deep understanding of the underlying issues) complaining about why company X or product Y doesn't implement this or that feature. \u00a0As someone who has been involved a dozens, if\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/google-ssl-500x267.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=27498"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27498\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=27498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=27498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=27498"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=27498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}