Practical audit advice you can use today.
# 33 : Analyzing Layer 2 with Wireshark
Layer 2 management protocols like STP, MSTP, TRILL, SPB, CDP, VTP, HSRP, etc., should never be visible on user facing ports. There are some technical challenges when deploying something like VOIP in a converged network solution, but barring this, having these protocols exposed is an easy to find and obvious indication of misconfiguration.

In this short video we look at a quick intro to Wireshark, look at a few of the features and see easy ways to find these packets if they are visible. We also talk about how a network engineer or security engineer would weed out traffic, identifying interesting traffic that does not belong.

This video is a sample of one of the labs covered in the SANS Advanced Audit course (AUD507) by David Hoelzer. Visit for more information!


View All