Tuesday, August 01, 2006

More Notes for TCP/IP Weapons School Students

For countermeasures to many of the attacks discussed in class, one great document, with discussion and Cisco command syntax, is the NSA's Cisco IOS Switch Security Configuration Guide.

During class a question on jumbo Ethernet frames (usually 9000 bytes) was asked. A jumbo frame uses EtherType 0x8870, as shown in this excerpt from tcpdump/ethertype.h:

#ifndef ETHERTYPE_JUMBO
#define ETHERTYPE_JUMBO 0x8870
#endif

Notice that 0x8870 is not listed in the official IANA assignment list.

I found this note which said some jumbo frames use EtherType 0x0800, but the application data is simply larger than normal (1500 bytes).
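
As an added example (not from the original post or from tcpdump), the C function below classifies a frame by its type/length field. It covers both cases mentioned above: EtherType 0x8870, and an ordinary EtherType such as 0x0800 with more than 1500 bytes of payload. The enum names, the function name and the sample frame in main() are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_JUMBO 0x8870  /* value from tcpdump's ethertype.h, quoted above */
#define ETH_HDR_LEN     14      /* destination MAC + source MAC + type/length */
#define ETH_MAX_PAYLOAD 1500    /* standard Ethernet payload limit */

enum frame_kind {
    FRAME_TRUNCATED,      /* shorter than an Ethernet header */
    FRAME_8023_LENGTH,    /* field <= 1500: an 802.3 length, not a type */
    FRAME_UNDEFINED,      /* 1501..1535: neither a length nor an EtherType */
    FRAME_STANDARD,       /* EtherType, payload within 1500 bytes */
    FRAME_JUMBO_TYPE,     /* EtherType 0x8870 */
    FRAME_JUMBO_OVERSIZE  /* ordinary EtherType, payload above 1500 bytes */
};

/* frame points at the destination MAC; len is the frame length without the FCS. */
enum frame_kind classify_frame(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN)
        return FRAME_TRUNCATED;
    /* The type/length field is big-endian at offset 12. */
    uint16_t field = (uint16_t)((frame[12] << 8) | frame[13]);
    size_t payload = len - ETH_HDR_LEN;
    if (field <= ETH_MAX_PAYLOAD)
        return FRAME_8023_LENGTH;
    if (field < 0x0600)
        return FRAME_UNDEFINED;
    if (field == ETHERTYPE_JUMBO)
        return FRAME_JUMBO_TYPE;
    if (payload > ETH_MAX_PAYLOAD)
        return FRAME_JUMBO_OVERSIZE;
    return FRAME_STANDARD;
}

int main(void)
{
    /* Constructed sample: zeroed 9000-byte payload behind a 14-byte header. */
    static uint8_t frame[ETH_HDR_LEN + 9000];
    frame[12] = 0x08; frame[13] = 0x00;              /* EtherType 0x0800 */
    printf("0x0800, 9000-byte payload: %d\n", (int)classify_frame(frame, sizeof frame));
    printf("0x0800, 1500-byte payload: %d\n", (int)classify_frame(frame, ETH_HDR_LEN + 1500));
    frame[12] = 0x88; frame[13] = 0x70;              /* EtherType 0x8870 */
    printf("0x8870: %d\n", (int)classify_frame(frame, sizeof frame));
    return 0;
}
```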

A question was asked regarding differences between Cat 5, Cat 5e, Cat 6, and Cat 7 cables. This article provides an overview. Wikipedia is also helpful, as long as no random user edits it to be incorrect.

On slide 133 I said "auto" is the default DTP mode on Cisco switches. I have seen conflicting news on this, with both my switch operating in "desirable" mode by default and Cisco documentation reporting "desirable" as the default. I recommend considering DTP mode "desirable" as the default, not auto. If any blog reader can confirm, I would appreciate it.

2 comments:

Anonymous said...

Link to IANA is broken. It is relative instead of absolute.

Richard Bejtlich said...

Fixed, thanks.