A few weeks ago I published a pcap file along with many challenges in order to invite anyone to download and solve it. Though there are not that many answers posted in the comment section, I hope that the trace file will help many people understand the layer 2/3 protocols or work with it during CCNP exam preparation.
Following are my answers to the 46 challenges I posted back then. I’ll not only give you the mere results but many Wireshark screenshots with some notes on how to get them. Here we go:
For the record, let's start with the answers at a glance:
The Mere Results
- STP1: 24576 / 121 / 00:0a:8a:a1:5a:80
- STP2: 4.762981
- STP3: 128.72
- CDP1: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE9, RELEASE SOFTWARE (fc1)
- CDP2: 2
- VTP1: webernetz.net
- VTP2: VLAN30nochnvlan
- VTP3: 13
- DTP: 1
- LACP1: 26, 282
- LACP2: 32768
- LLDP: 2003:51:6012:121::10
- UDLD: Gi0/2
- HSRP: fe80::5:73ff:fea0:7f
- DHCP1: 00:21:70:e9:bb:47
- DHCP2: Microknoppix
- DHCP3: 192.168.20.11
- DHCP4: 192.168.30.11
- SNMP: n5rAD1ig314IqfioYBWw
- Syslog: %IPV6_ACL-6-ACCESSLOGP: list vty-access/10 permitted tcp 2003:51:6012:110::B15:22(60892) -> 2003:51:6012:121::2(22), 1 packet
- NTP: DCF77
- IP SLA: 192.168.121.253, 192.168.121.254
- DNS1: 2003:51:6012:120::a08:53
- DNS2: ip.webernetz.net
- DNS3: 2
- DNS4: no
- TFTP1: $1$kI2F$Sz18KSQV/D/QJpbpIGpH10
- TFTP2: $1$Z.9j$Nvobsx9NvJzqtRLQqR.9b0
- TFTP3: asdfasdf
- TFTP4: password
- ARP: 00:1e:7a:79:3f:11
- LOOP: 5
- RIP: 192.168.121.253, 192.168.121.254
- RIPng: fe80::214:69ff:fe9e:1141, fe80::21a:6cff:fea1:2b99
- ICMPv6 RS/RA1: 2003:51:6012:121::/64, 2003:51:6012:122::/64
- ICMPv6 RS/RA2: None
- ICMPv6 NS/NA: 2003:51:6012:121::cafe
- ICMPv6 Ping: 01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17:18:19:1a:1b:1c
- ICMP: 10
- SSH: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
- BONUS1: DEC-MOP-Remote-Console
- BONUS2: IP SLA with udp-jitter
- BONUS3: 22, 27, 1, 56
- BONUS4: 11.6
- BONUS5: 763, 586
- BONUS6: 00:00:0c:9f:f0:79
At least the following two protocols were completely unknown to me. Here are some links:
- LOOP: what’s a LOOP traffic in ethereal? –> Ethernet Configuration Testing Protocol and for much more information here: CTP.
- DEC-MOP-Remote-Console: What is Dec MOP and how to disable it? –> DECnet
All Details w/ Wireshark
Now let's dig into more details. The following screenshots are ordered in the same sequence as the challenges were listed. Have fun!
That’s it. Thanks for reading. ;)
Featured image: “Results” by Dan Mumford is licensed under CC BY-NC-ND 2.0.