
LLTD: The 80's just called and want their layer 2 back (by Tony Fortunato)

Author Profile - Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts. Tony is an authorized and certified Fluke Networks and Wireshark Instructor. His Pine Mountain Group CNA Level I and II certification demonstrates his vendor-neutral approach to network design, support and implementations. Tony has architected, installed and supported various types of Residential Wireless High Speed as well as hundreds of WIFI hotspots. Tony uses a variety of technologies from Powerline, Wireless and wired technologies to find the most cost-efficient and reliable solution for his customers. Tony combines custom programs, open source and commercial software to ensure a simple support infrastructure.


Since the introduction of Microsoft Vista I have seen more and more layer 2 and IPv6/v4 multicast traffic. Depending on your network design and your computer configuration, these pesky little packets can really cause you a lot of grief. In this little write-up I will touch on the layer 2 network noise.

For those of you who had the opportunity to see the evolution of networking, you will clearly remember the challenges layer 2 protocols caused as we moved to routed segments and VLANs. NetBEUI, DLC, LLC and their relatives were all banished since they could not natively traverse the new routed networks. So why would Microsoft re-introduce this in this day and age? Wait a minute, I have to reformat my 5 1/2" drive on my 286 desktop, running DOS 3.3....  ;b

Many network designers have spent long hours trying to figure out how to segment their networks with the least amount of impact and network reconfiguration while maintaining acceptable performance levels.

You can guess how surprised I was when I learned that Microsoft has installed their Link Layer Topology Discovery Protocol by default so we can have a pretty 'Network Map' that no one I know has ever used.

I first noticed this when I set up my new laptop with Windows 7 and performed my first Wireshark capture. This gave me an idea of what a capture would look like in my parents' basement during one of our Italian get-togethers...  Yikes...

I have updated my Microsoft Networking Course notes, which I will share with you.

This protocol is used - usually at home - to discover and access devices that may have had a DHCP-assigned address. For example a web-cam, network printer, router, media center server...  I'm sure you get my drift.

In many of my 'Network Janitor' engagements, I single this out as a protocol to clean up ASAP. I say this because in most corporate environments, there isn't a need to discover anything. You usually know the IP address or host name of your network services and servers. If you had to look anything up it would be via DNS, LDAP or WINS.

Some customers counter that they disable this when people log on (or via a Group Policy), but I ask, what happens if they log into a local account, or use their laptop outside of the corporate network? I'm of the opinion, "If you don't need it, get rid of it".
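One way to check a capture for hosts that are still emitting LLTD after a cleanup, as an added example that is not part of the original post: the script reads a classic pcap file and counts frames carrying the LLTD EtherType 0x88D9 per source MAC, including VLAN-tagged frames. The function names, MAC addresses and capture bytes are constructed for illustration.

```python
import struct
from collections import Counter

LLTD_ETHERTYPE = 0x88D9          # EtherType carried by LLTD frames
VLAN_TPIDS = (0x8100, 0x88A8)    # 802.1Q / 802.1ad tags that may precede it
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond

def lltd_talkers(pcap_bytes):
    """Count LLTD frames per source MAC in a classic (non-pcapng) Ethernet capture."""
    endian = PCAP_MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    talkers, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:
            continue                      # truncated record, no Ethernet header
        pos = 12
        ethertype = struct.unpack("!H", frame[pos:pos + 2])[0]
        while ethertype in VLAN_TPIDS and len(frame) >= pos + 6:
            pos += 4                      # skip the TPID and TCI of one VLAN tag
            ethertype = struct.unpack("!H", frame[pos:pos + 2])[0]
        if ethertype == LLTD_ETHERTYPE:
            talkers[":".join(f"{b:02x}" for b in frame[6:12])] += 1
    return talkers

def constructed_sample():
    """Constructed capture: host A sends 2 LLTD frames, host B 1 tagged LLTD and 1 IPv4."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = lambda f: struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    bcast = b"\xff" * 6
    host_a, host_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frames = [bcast + host_a + b"\x88\xd9" + bytes(46),   # payload zeroed, not real LLTD
              bcast + host_a + b"\x88\xd9" + bytes(46),
              bcast + host_b + b"\x81\x00\x00\x0a\x88\xd9" + bytes(42),
              bcast + host_b + b"\x08\x00" + bytes(46)]
    return header + b"".join(record(f) for f in frames)

if __name__ == "__main__":
    for mac, count in lltd_talkers(constructed_sample()).most_common():
        print(f"{mac}  {count} LLTD frame(s)")
```

To run it against a real capture, pass the bytes of a file saved in the classic pcap format (not pcapng) to `lltd_talkers`.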







