By stretch | Friday, September 26, 2008 at 12:19 a.m. UTC
I thought it'd be fun to do a little contest over the weekend. Attached below are two files: a packet capture and the configuration of a Catalyst 2960 running IOS 12.2(25)FX. The challenge? Determine the ID of the VLAN from which the packet capture was taken.
If you think you've got it, email your answer (along with a brief explanation of how you arrived at it) to stretch at packetlife dot net, with the word "contest" in the subject. Make sure to get your entry in by 23:59 GMT Sunday, 28 September. The answer will be posted on Monday.
- No, CDP is not included in the capture. This is intended to be a challenge.
- This is not a trick question. The answer is a number between 1 and 4095, inclusive.
- The answer is reachable with the data provided.
- Entries must include an explanation of how you arrived at your answer; no guessing.
- One entry per person.
To make things interesting, three correct entries will be chosen at random and the submitters will each win a free copy of Ethernet: The Definitive Guide by Charles Spurgeon (an excellent book on Ethernet technologies), shipped from Amazon.com.
Edit: Once more, please submit your entry via E-mail only (with the word "contest" in the subject). Also, responding to E-mails individually would give away the answer, so unfortunately you'll have to check back Monday to see if you got it. The three randomly chosen winners will be notified directly later that day.
Edit 2: The entries are in and the winners have been announced! The solution to the challenge is also provided.
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
Posted in Announcements
September 26, 2008 at 4:45 p.m. UTC
Will an explanation of the technique used to identify the VLAN be provided Monday?
September 26, 2008 at 5:00 p.m. UTC
Of course. =)
September 26, 2008 at 6:33 p.m. UTC
pretty tricky. all ways i went, went wrong. all i know: forget about the ip packets - fa0/6 is an access port ... 7 yrs old image i think - but am not a cisco guy. forensic challenge deluxe - thanks for that! by far the most interesting site on networking! fire up wireshark and dig into that, learned hell of a a lot, but still not solved it.. :-) - isl maybe a hint?
September 26, 2008 at 7:51 p.m. UTC
Awesome blog BTW. It's a daily reader now.
September 27, 2008 at 3:30 a.m. UTC
I love this blog so much. It not only update my knowledge, well it does lead me to other good web site as well. Nevertherless, I have recommend to many of my collegues
September 27, 2008 at 4:17 a.m. UTC
A friend just gave me this link ... This is an awesome site! Thank you so much for sharing your knowledge with the rest of us!!!
September 28, 2008 at 6:28 a.m. UTC
I'm looking forward to seeing the technique for identifying this mystery VLAN. :)
September 28, 2008 at 11:07 p.m. UTC
The technique is pretty simple and subtle. Stretch has even covered it in a previous post. One more hint...the config only provides a single bit of information that you need when reviewing the packet capture. The capture file contains the info you need. :D