Tag Archives: MAC Address

CCNP SWITCH Lab show commands

Second post of this little series. While I was using my CCNP SWITCH lab for testing many different protocols, I “showed” and saved the output of those protocols as well. Refer to the lab overview of my last post in order to understand those outputs.

I basically saved them as a reference for myself in case I am interested in the information revealed by them. I won’t explain any details of the protocols nor the outputs here. Just many listings. Fly over them and reflect yourself whether you would understand anything. ­čśë Here we go:

Continue reading CCNP SWITCH Lab show commands

Wireshark Layer 2-3 pcap Analysis w/ Challenges (CCNP SWITCH)

While preparing for my CCNP SWITCH exam I built a laboratory with 4 switches, 3 routers and 2 workstations in order to test almost all layer 2/3 protocols that are related to network management traffic. And because “PCAP or it didn’t happen” I captured 22 of these protocols to further investigate them with Wireshark. Oh oh, I remember the good old times where I merely used unmanaged layer 2 switches. ­čśë

In this blogpost I am publishing the captured pcap file with all of these 22 protocols. I am further listing 45 CHALLENGES as an exercise for the reader. Feel free to download the pcap and to test your protocol skills with Wireshark! Use the comment section below for posting your answers.

Of course I am running my lab fully dual-stacked, i.e., with IPv6 and legacy IP. On some switches the SDM template must be changed to be IPv6 capable such as sdm prefer dual-ipv4-and-ipv6 default .

Continue reading Wireshark Layer 2-3 pcap Analysis w/ Challenges (CCNP SWITCH)

Sicheres WLAN: Was wirklich etwas bringt

Vor ein paar Tagen wurde ich ├╝ber Twitter auf einen Artikel aufmerksam, der sich “F├╝nf Tipps f├╝r ein sicheres WLAN” nennt. Cool, so dachte ich, denn schlie├člich ist das eine oft gestellte Frage, wie man denn sein heimisches WLAN so absichern soll. Leider musste ich schnell feststellen, dass drei von den Tipps einfach falsch sind, da sie keine Relevanz f├╝r ein “sicheres WLAN” haben. Einer davon hat obendrein einen gegenteiligen Effekt, indem er sogar mehr ├╝ber das eigene WLAN preis gibt, als ohne. Oh man! Ich verstehe nicht, wieso auch heute noch falsche Tipps f├╝rs WLAN gegeben werden, wobei die Profis, die solche Artikel schreiben, es eigentlich besser wissen m├╝ssten.

Hier daher eine Auflistung der Tipps, die wirklich etwas bringen. Erg├Ąnzend nat├╝rlich auch die Begr├╝ndung, wieso die anderen nichts bringen.

Continue reading Sicheres WLAN: Was wirklich etwas bringt

Zugeh├Ârigkeit von MAC- und IPv6-Adressen speichern (IPv6-Kongress 2014)

Genau wie letztes Jahr stelle ich hier meinen Vortrag vom diesj├Ąhrigen IPv6-Kongress in Frankfurt zur Verf├╝gung. Es ist eine PDF-Datei die jeweils meine Folie sowie meine ganzen Stichpunkte beinh├Ąlt. Somit sollte man den kompletten Inhalt verstehen, auch wenn man nicht beim Vortrag war.


Continue reading Zugeh├Ârigkeit von MAC- und IPv6-Adressen speichern (IPv6-Kongress 2014)

IPv6 Address Statistics based on DAD Messages

After my Tcpdump script for storing MAC-IPv6 address bindings via the Duplicate Address Detection messages (link) and an analysis of the realibility of them (here), I had the idea of a Linux script that analyzes the Tcpdump output for obtaining some IPv6 address statistics. It should not show concrete bindings between MAC- and IPv6-addresses, but the number of different kind of IPv6 addresses, such as link-local or global-unicast addresses, built with or without EUI-64, etc.

In the following, I will present my script and will show the results after running it through the DAD logs of a whole month (March 2014) in a BYOD-WLAN with more than 100 clients.

Continue reading IPv6 Address Statistics based on DAD Messages

Monitoring MAC-IPv6 Address Bindings

In the IPv4 world, the DHCP server allocates IPv4 addresses and thereby stores the MAC addresses of the clients. In the IPv6 world, if SLAAC (autoconfiguration) is used, no network or security device per se stores the binding between the MAC (layer 2) and the IPv6 (layer 3) addresses from the clients. That is, a subsequent analysis of network behaviour corresponding to concrete IPv6 addresses and their client machines is not possible anymore.

A simple way to overcome this issue is to install a service that captures Duplicate Address Detection (DAD) messages from all clients on the subnet in order to store the bindings of MAC and IPv6 addresses. This can be done with a small Tcpdump script on a dedicated Ethernet interface of a Linux host.

In this blog post I will present a use case for storing these bindings, the concept of the DAD messages, a Tcpdump script for doing this job, and the disadvantages and alternatives of this method.

Continue reading Monitoring MAC-IPv6 Address Bindings