Tutorial: WLAN Trunking Protocol (VTP)

This tutorial discusses the plugin vtpDecode. VTP is a protocol for configuration and administration of VLANs in cisco networks.

Preparation

Before we start we need to prepare T2. If you did not complete the tutorials before just follow the procedure described below.

First I recommend to set T2 into a pristine state by removing all unnecessary or older plugins from the default plugin folder ~/.tranalyzer/plugins. Just as a precaution if you have some old plugins or files there. If you like to keep them, please copy them away.

$ t2build -e
Are you sure you want to empty the plugin folder '/home/wurst/.tranalyzer/plugins' (y/N)? y
Plugin folder emptied
$

Then compile the following plugins

$ t2build tranalyzer2 basicFlow vtpDecode txtSink
...
BUILD SUCCESSFUL

$

If you did not create a separate data and results directory yet, please do it now in another cmd window, it facilitates your workflow:

$ mkdir ~/data ~/results
$

Download the sample pcap here: . Now you’re all set.

vtpDecode

Let’s look at the plugin configuration first:

$ vtpDecode
$ vi src/vtpDecode.h

Run t2 on the supplied pcap.

$ t2 -r ~/data/ -w ~/results/ -s
$

So the aggregated vtpStat with value 0x01 tells us there is VTP.

$ tawk -V vtpStat=0x01
The vtpStat column with value 0x01 is to be interpreted as follows:

   bit | vtpStat | Description
   =============================================================================
     0 | 0x01    | Flow is VTP
$ cd ~/results
$ tcol

Don’t forget to reset the plugin configuration for the next tutorial.

$ t2conf vtpDecode --reset && t2build vtpDecode
...
$

Have fun analyzing.