The Confidence that Comes from Sniffing/Tracing

Many network engineers spend some time Sniffing what goes over the wire on a LAN. In fact, from talking to students over the years, it's clear that the confidence to answer questions about addresses used in a network (like the one listed in this blog posting) comes from using a Sniffer (or your favorite alternative) to see what's going over the wire. However, when answering questions that involve the WAN many CCNA exam-takers seem to be less confident - in part because fewer network engineers spend time Sniffing the WAN.

First, let me comment briefly on the last question I posted in this blog, and the survey about how long it took everyone to answer the question. The survey showed about 30% of us took more than 70 seconds on that question, with about 50% taking more than 50 seconds - both typical of past surveys about questions listed in this blog.. However, almost 30% of you answered this question in less than 30 seconds. I'd be particularly curious if for those of you who answered quickly, if you have experience running LAN traces, and if that helped your confidence. Or, if you think you knew the answer, but lacked confidence because you hadn't spent any time looking at what goes over the wire, then please take time to weigh in as well.

This week I'll post a question that, like the last one, is easy if you know all the facts, and both easy and fast if you have some Frame Relay WAN experience. For comparison, I'll list a survey where you can click the time it takes you to answer the question

I'll give some hints at the next posting. As usual, don't spill the beans in the heading of any postings you make - leave that for the text so you don't spoil it for other folks. OK, start your timers - here's the question:

Question: PC1 sends one IP packet to PC2, and then one IP packet to PC3. For the packet sent to PC2, which of the following statements are true about these packets, and the frames used to encapsulate them, as the frames leave R1's Frame Relay access link?

A) For the packet going to PC2, the frame contains DLCI 101
B) For the packet going to PC2, the frame contains DLCI 102
C) For the packet going to PC2, the frame contains DLCI 103
D) The DLCI cannot be determined from the information given
E) PC2's MAC address is included in the Frame Relay header
E) R2's MAC address is included in the Frame Relay header

R1#show ip route
Codes: 
C -  connected, S - static, R - RIP, M - mobile, B - BGP
D -  EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i -  IS-IS, su - IS-IS summary, L1 - IS-IS level-1, 
     L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user 
    static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

    172.30.0.0/24 is subnetted, 5 subnets
D   172.30.2.0 [90/2172416] via 172.30.12.2, 00:03:15, 
    Serial0/0/0.2
D   172.30.3.0 [90/2172416] via 172.30.13.3, 00:01:28, 
    Serial0/0/0.3
C   172.30.1.0 is directly connected, FastEthernet0/0
C   172.30.12.0 is directly connected, Serial0/0/0.3
C   172.30.13.0 is directly connected, Serial0/0/0.2
R1#show frame-relay map
Serial0/0/0.3 (up): point-to-point dlci, 
    dlci 102(0x66,0x1860), broadcast status defined, 
	active
Serial0/0/0.2 (up): point-to-point dlci, 
    dlci 103(0x67,0x1870), broadcast status defined, 
	active
R1#show frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

             Active     Inactive      Deleted       Static
 Local          2            0            0            0
 Switched       0            0            0            0
 Unused         0            1            0            0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, 
INTERFACE = Serial0/0/0.3

input pkts 69           output pkts 56         in bytes 5344      
out bytes 4572          dropped pkts 0         in pkts dropped 0         
out pkts dropped 0               out bytes dropped 0         
in FECN pkts 0          in BECN pkts 0         out FECN pkts 0         
out BECN pkts 0         in DE pkts 0           out DE pkts 0         
out bcast pkts 49       out bcast bytes 4152      
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:05:48, last time pvc status changed 00:05:48

DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, 
INTERFACE = Serial0/0/0.2

input pkts 31           output pkts 31         in bytes 2460      
out bytes 3012          dropped pkts 0         in pkts dropped 0         
out pkts dropped 0               out bytes dropped 0         
in FECN pkts 0          in BECN pkts 0         out FECN pkts 0         
out BECN pkts 0         in DE pkts 0           out DE pkts 0         
out bcast pkts 26       out bcast bytes 2680      
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:05:49, last time pvc status changed 00:01:41

DLCI = 101, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, 
INTERFACE = Serial0/0/0

input pkts 0            output pkts 0          in bytes 0         
out bytes 0             dropped pkts 0         in pkts dropped 0         
out pkts dropped 0               out bytes dropped 0         
in FECN pkts 0          in BECN pkts 0         out FECN pkts 0         
out BECN pkts 0         in DE pkts 0           out DE pkts 0         
out bcast pkts 0        out bcast bytes 0         
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
switched pkts 0         
Detailed packet drop counters:
no out intf 0           out intf down 0        no out PVC 0         
in PVC down 0           out PVC down 0         pkt too big 0         
shaping Q full 0        pkt above DE 0         policing drop 0         
pvc create time 00:05:49, 
last time pvc status changed 00:05:49

• Cisco
• LANs / WANs
• howto