VLAN challenge answer
By stretch | Monday, September 29, 2008 at 2:04 a.m. UTC
The VLAN challenge is over and the results are in! I received 112 entries total, of which 60 had the correct answer: VLAN 2405. Congratulations to the submitters of the three randomly-selected correct answers! I'll be in contact with these individuals shortly to arrange shipment of their books.
- Josh Atterbury
- Istvan
- Dan Kirkland
Congratulations are due to everyone who came up with the correct answer, especially those who worked to arrive at it. Let's look at how the answer could be found...
Solution
The answer actually appears in the packet capture 29 times, once per STP BPDU. What's special about STP? Take a close look at the bridge priority:
Notice the bridge priority is advertised as 35173. However, referencing our configuration file we can see that no STP priority has been manually configured, so the switch should have the default priority of 32768. The difference in these numbers is an effect of IEEE 802.1t (enabled with the line spanning-tree extend system-id), which sets the last 12 bits of the 16-bit bridge priority to the VLAN identifier. So, we can deduce 35173 - 32768 = 2405.
Additionally, the UDLD packets offer a very obvious indication that the capture was taken from interface Fa0/6, though this doesn't contribute to the answer.
The majority of the incorrect answers I received suspected the capture was taken from VLAN 1, due to the inclusion of ISL-encapsulated DTP packets. This is an oddity of Cisco's DTP, and as a few readers pointed out, the 2960 doesn't even support ISL trunking. A few entries had the right idea about the bridge priority, but misinterpreted the bytes (taking the first two bytes of the MAC address as the priority), and unfortunately couldn't be counted.
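The bridge priority arithmetic above, and the byte-offset mistake some entries made, can be checked with a short parser. This is an added example, not code from the original post: the function names are hypothetical, the input is assumed to be the BPDU body starting right after the LLC header, and the sample BPDU (including its MAC address and port ID) is constructed.

```python
import struct

# 802.1D configuration BPDU body (35 bytes, big-endian): protocol id, version,
# type, flags, root id, root path cost, bridge id, port id, message age,
# max age, hello time, forward delay.
BPDU_FMT = ">HBBB8sI8sHHHHH"

def split_bridge_id(bridge_id: bytes) -> dict:
    """Split an 8-byte bridge identifier the way IEEE 802.1t lays it out."""
    if len(bridge_id) != 8:
        raise ValueError("bridge identifier must be 8 bytes")
    # The priority field is the two bytes BEFORE the MAC address,
    # not the first two bytes of the MAC itself.
    (prio_field,) = struct.unpack(">H", bridge_id[:2])
    return {
        "advertised": prio_field,         # the single number seen in the capture
        "priority": prio_field & 0xF000,  # top 4 bits, in steps of 4096
        "vlan": prio_field & 0x0FFF,      # low 12 bits: extended system ID
        "mac": bridge_id[2:].hex(":"),    # remaining 6 bytes
    }

def parse_config_bpdu(payload: bytes) -> dict:
    """Return the decoded root and bridge identifiers of a configuration BPDU."""
    if len(payload) < struct.calcsize(BPDU_FMT):
        raise ValueError("truncated BPDU")
    fields = struct.unpack_from(BPDU_FMT, payload)
    proto, bpdu_type = fields[0], fields[2]
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not an STP configuration BPDU")
    return {"root": split_bridge_id(fields[4]),
            "bridge": split_bridge_id(fields[6])}

# Constructed sample: priority field 0x8965 (35173) plus a documentation-range MAC.
SAMPLE_ID = bytes.fromhex("8965" "00005e005301")
SAMPLE_BPDU = struct.pack(BPDU_FMT, 0, 0, 0, 0, SAMPLE_ID, 0, SAMPLE_ID,
                          0x8006, 0, 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    print(parse_config_bpdu(SAMPLE_BPDU)["bridge"])
```

Masking the low 12 bits recovers the VLAN without needing the switch configuration, which is the same approach one of the commenters below describes.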
So, if you got the answer, give yourself a pat on the back, and if not, don't sweat it. Now everyone knows!
Comments
September 29, 2008 at 4:31 a.m. UTC
112 entries, that's a lot. Thanks for the contest, it was fun.
September 29, 2008 at 6:43 a.m. UTC
Thanks Stretch, I was as excited as a child the whole weekend :)
September 29, 2008 at 8:53 a.m. UTC
Nice contest, hope you do more (even without the prizes)
September 29, 2008 at 10:50 a.m. UTC
Nice to see that I got this right! I wonder why on earth I got a VLAN of 2405... strange number to pick for a VLAN... Even without the switch config, you can always convert the priority to binary, take the last 12 bits (LSB), convert them to decimal, and you will arrive at the answer.
September 29, 2008 at 12:10 p.m. UTC
Arg! I'm kicking myself for not getting that. Fun contest, thanks Stretch!
September 29, 2008 at 12:12 p.m. UTC
Sup Stretch, I agree with vsaltao, I like the idea of these challenges, hopefully we'll see some more quite soon!
September 29, 2008 at 2:24 p.m. UTC
I would also love to see more, even without prizes.
September 29, 2008 at 6:50 p.m. UTC
The challenge was great and I'd like you to have more challenges in coming weekends. Great work!!!
September 30, 2008 at 10:02 a.m. UTC
Awesome challenge, didn't get the answer (noticed the non-default priority, but wasn't sure if it was relevant). It was interesting and fun though, so I'm with everyone else: more challenges please! =)
Great site too, been a daily reader since finding it on isc.sans.
September 30, 2008 at 12:18 p.m. UTC
Great challenge, I didn't get the right answer but I did learn a lot. Look forward to more in the future.
Thanks
October 1, 2008 at 12:51 p.m. UTC
Excellent challenge!
If you are ever looking for ideas for blog topics, I would especially enjoy some on packet analysis.
November 14, 2008 at 6:26 a.m. UTC
Good on you Buddy keep it up u.....