Wireshark Layer 2-3 pcap Challenge Answers

A few weeks ago I published a pcap file along with many challenges in order to invite anyone to download and to solve it. Though there are not that many answers posted in the comment section I hope that the trace file will help many people understanding the layer 2/3 protocols or to work with it during CCNP exam preparation.

Following are my answers to the 46 challenges I posted back then. I’ll not only give you the mere results but many Wireshark screenshots with some notes on how to get them. Here we go:

For the record lets start with the answers at a glance:

The Mere Results

For the first BONUS challenge I used the following display filter: not icmp and not ripng and not cdp and not stp and not lldp and not hsrp and not udld and not loop and not rip and not syslog and not dtp and not ntp and not lacp and not vtp and not dns and not icmpv6 and not bootp and not ssh and not tftp and not tcp.dstport == 22 and not tcp.srcport == 22 and not arp and not snmp and not udp.srcport == 1967 and not udp.dstport == 1967 . ;)

At least the following two protocols were completely unknown to me. Here are some links:

All Details w/ Wireshark

Now lets dig into more details. The following screenshots are ordered in the same sequence as the challenges were listed. Have fun!

That’s it. Thanks for reading. ;)

Featured image: “Results” by Dan Mumford is licensed under CC BY-NC-ND 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *