AuditCasts with David Hoelzer

#33: Analyzing Layer 2 with Wireshark

Update: 2014-02-14

Description

Layer 2 management protocols like STP, MSTP, TRILL, SPB, CDP, VTP, HSRP, etc., should never be visible on user-facing ports. There are some technical challenges when deploying something like VoIP in a converged network solution, but barring this, having these protocols exposed is an easy-to-find and obvious indication of misconfiguration.

In this short video we give a quick intro to Wireshark, look at a few of its features and see easy ways to find these packets if they are visible. We also talk about how a network engineer or security engineer would weed out traffic to identify interesting traffic that does not belong.
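The audit check described above can also be scripted. The following is an added example, not material from the video or the course: it classifies raw Ethernet frames captured on a user-facing port and counts any STP, CDP, VTP or HSRP frames. The protocol identifiers are the standard well-known values; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

# Standard protocol identifiers (well-known values, not taken from the page).
CISCO_SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP"}  # SNAP PIDs under OUI 00:00:0c

def classify(frame: bytes):
    """Name the management protocol in one raw Ethernet frame, or return None."""
    if len(frame) < 14:
        return None
    etype, off = struct.unpack("!H", frame[12:14])[0], 14
    if etype == 0x8100 and len(frame) >= 18:      # step over one 802.1Q VLAN tag
        etype, off = struct.unpack("!H", frame[16:18])[0], 18
    if etype <= 1500:                             # 802.3 length field, so LLC follows
        llc = frame[off:off + 8]
        if llc[:2] == b"\x42\x42":                # DSAP/SSAP 0x42: spanning tree BPDU
            return "STP"
        if len(llc) == 8 and llc[:6] == b"\xaa\xaa\x03\x00\x00\x0c":
            return CISCO_SNAP_PIDS.get(struct.unpack("!H", llc[6:8])[0])
        return None
    if etype == 0x0800 and len(frame) >= off + 20:  # IPv4: look for HSRP hellos
        ihl = (frame[off] & 0x0F) * 4
        udp = frame[off + ihl:off + ihl + 8]
        if (frame[off + 9] == 17 and len(udp) == 8
                and struct.unpack("!H", udp[2:4])[0] == 1985):  # HSRP: UDP 1985
            return "HSRP"
    return None

def audit(frames):
    """Count management-protocol frames in a capture from a user-facing port."""
    return dict(Counter(p for p in map(classify, frames) if p))

def eth(dst_hex, payload):
    return bytes.fromhex(dst_hex + "001122334455") + payload  # constructed source MAC

def ipv4_udp(dst_ip, port):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 0, 0, 1, 17, 0,
                     bytes([10, 0, 0, 2]), bytes(dst_ip))
    return b"\x08\x00" + ip + struct.pack("!HHHH", port, port, 28, 0) + bytes(20)

# Constructed frames standing in for a capture taken on a user-facing port.
SAMPLE = [
    eth("0180c2000000", struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35)),  # STP
    eth("01000ccccccc", struct.pack("!H", 30)
        + b"\xaa\xaa\x03\x00\x00\x0c\x20\x00" + bytes(22)),                    # CDP
    eth("01005e000002", ipv4_udp([224, 0, 0, 2], 1985)),                       # HSRP
    eth("aabbccddeeff", ipv4_udp([10, 0, 0, 53], 53)),                         # DNS
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty result from `audit` on a user port capture is the misconfiguration indicator the description refers to.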

This video is a sample of one of the labs covered in the SANS Advanced Audit course (AUD507) by David Hoelzer. Visit http://www.sans.org for more information!