L2/L3 Protocol Testing — Manual & Automation Master Program (Fundamentals to Expert)

Wireshark is the single most important tool in a protocol tester's toolkit. This module goes far beyond basic capture — you will master every feature used in production test labs.

• Wireshark architecture — libpcap, capture interfaces, promiscuous mode, monitor mode
• Capture filters (BPF syntax) vs display filters — host, port, protocol, logical operators
• Protocol dissectors — VLAN, STP, OSPF, BGP, ARP, ICMP, TCP, UDP, DNS, DHCP
• Follow TCP/UDP stream — reconstructing application data from captures
• Statistics menus — IO graphs, conversation statistics, protocol hierarchy, flow graphs
• Coloring rules for rapid anomaly detection
• tcpdump on Linux nodes — inline capture, write to file, read pcap, remote capture via SSH pipe
• Merging, splitting, and editing pcap files with editcap and mergecap

VLANs are the foundation of every enterprise and carrier L2 network. You will test every VLAN scenario — tagging, trunking, QinQ, and failure modes — against the 802.1Q and 802.1ad IEEE standards.

• 802.1Q frame format — TPID (0x8100), PCP, DEI, VID field verification in Wireshark
• Access port vs trunk port behaviour — tag insertion, stripping, egress rules
• Native VLAN — untagged traffic handling, native VLAN mismatch detection
• VLAN pruning — allowed VLANs on trunks, traffic isolation verification
• QinQ (802.1ad) double-tagging — outer S-tag (0x88A8), inner C-tag, service provider VLAN scenarios
• Inter-VLAN routing — router-on-a-stick, L3 switch SVI testing
• Negative test cases — VLAN ID 1, VLAN ID 4094, double-tag stripping errors, maximum VLANs

Spanning tree failures cause outages. You will learn to test STP/RSTP/MSTP convergence, timing, and failure recovery to the exact criteria in IEEE 802.1D/802.1w/802.1s.

• STP (802.1D) BPDU structure — root ID, bridge ID, path cost, port ID fields in Wireshark
• Root bridge election testing — priority manipulation, bridge ID tie-breaking
• Port state verification: Blocking → Listening → Learning → Forwarding
• TCN (Topology Change Notification) — trigger conditions, MAC flush behaviour
• RSTP (802.1w) rapid convergence — proposal/agreement exchange, edge ports (PortFast), measuring convergence time
• MSTP (802.1s) — instance mapping, region configuration, CST/IST, region boundary testing
• LACP (802.3ad) — LACPDU exchange, active/passive mode, failover timing, hash distribution verification
• LLDP (802.1AB) — TLV decoding (chassis ID, port ID, TTL, capabilities, management address), neighbour discovery testing
• L2 failure scenarios — broadcast storms, loop detection, MAC table overflow stress tests

Validate the routing protocols that power the internet — testing not just that they function, but that they conform precisely to RFC 2328 (OSPF) and RFC 4271 (BGP) under normal and failure conditions.

• IPv4 routing table verification — longest prefix match, AD, metric, recursive next-hop
• Static routing edge cases — floating static, null0 black-hole, recursive lookup depth
• OSPF (RFC 2328) adjacency state machine — Down → Init → 2-Way → ExStart → Exchange → Loading → Full
• Hello/Dead timer testing — timer mismatch, adjacency teardown, GR (graceful restart)
• LSA types 1–5, 7 — flood scope, expiry, MaxAge, premature aging test cases
• OSPF area types — backbone, stub, NSSA, totally stubby; ABR LSA filtering
• DR/BDR election testing — priority manipulation, pre-emption scenarios on broadcast segments
• BGP (RFC 4271) session establishment — OPEN, KEEPALIVE, UPDATE, NOTIFICATION messages
• BGP path attributes — AS-PATH, MED, LOCAL_PREF, NEXT_HOP, COMMUNITY; path selection verification
• BGP route filtering — prefix lists, AS-PATH filters, route maps; inbound/outbound policy testing
• BGP session reset scenarios — NOTIFICATION codes, hold timer expiry, MD5 auth

IPv6 is mandatory in telecom and carrier equipment. VRRP/HSRP is in every enterprise gateway. Multicast underpins IPTV and 5G. All three areas are tested here.

• IPv6 header format — flow label, traffic class, next header, hop limit verification
• Address types — GUA, LLA, ULA, multicast, anycast; DAD (Duplicate Address Detection) testing
• NDP (Neighbor Discovery Protocol) — RS/RA, NS/NA, Redirect; DAD race conditions
• SLAAC, DHCPv6 (stateless/stateful), prefix delegation — address assignment verification
• OSPFv3 — AF instance, LSA differences from OSPFv2, dual-stack topology testing
• BGP IPv6 AFI/SAFI — IPv6 NLRI, next-hop encoding, dual-stack peering
• VRRP (RFC 5798) — master election, preemption, advertisement interval testing, failover timing
• IGMP snooping — join/leave timing, group membership queries, multicast forwarding verification
• NAT44, NAT64 — translation table verification, port exhaustion, STUN/TURN traversal scenarios

Spirent TestCenter is the industry-standard traffic generator at Cisco, Nokia, and Ericsson test labs. This module gives you professional-level hands-on experience with the same GUI and CLI workflows used in real product validation.

• Spirent TestCenter GUI — port configuration, chassis setup, port groups
• Stream blocks — VLAN tags, MPLS labels, IPv4/IPv6 headers, custom payload patterns
• Traffic profiles — CBR, bursty, ramp-up; inter-frame gap, frame size variation
• RFC 2544 benchmarking — throughput (binary search), back-to-back frames, frame loss rate, latency (FIFO, LIFO, store-forward)
• RFC 2889 LAN switching performance — address caching, flooding, forwarding rate
• Protocol emulation over Spirent — OSPF neighbour emulation, BGP peer emulation, IGMP host emulation
• Spirent automation API (TCL/Python) overview — scripting repetitive test cases
• Analysing results — packet loss graphs, latency histograms, defect root cause mapping

IXIA IxNetwork is the other dominant platform in protocol testing. You will run parallel exercises on IXIA and learn to switch between both tools — a skill employers specifically request.

• IxNetwork GUI — topology setup, port groups, traffic items, flow groups
• Layer 2–3 traffic items — Ethernet, VLAN, IPv4/IPv6, MPLS stacks
• Protocol stacks — OSPF, BGP, IS-IS emulation over IxNetwork ports
• RFC 4814 hash validation — LAG load-spreading verification with randomised source MACs/IPs
• Latency and jitter testing for real-time traffic (voice, IPTV simulation)
• RFC compliance test plan methodology — test ID schema, normative requirement tracing, pass/fail matrix
• Defect classification — conformance defect vs performance defect vs interoperability defect
• Ostinato open-source traffic generator — as a cost-free alternative for automation-friendly workflows

Scapy lets you build and send any L2/L3 packet from Python — replacing manual Wireshark interaction with precise, repeatable, scriptable packet engineering. PyShark brings Wireshark's dissectors into Python.

• Scapy stack architecture — layer objects, field types, packet composition with / operator
• Building L2 frames — Ether(), Dot1Q(), Dot3(), ARP() crafting and sending
• Building L3 packets — IP(), IPv6(), ICMP(), TCP(), UDP() with custom field values
• send() vs sendp() vs sr() vs srp() — L3 vs L2 sending, request/response patterns
• Sniffing with sniff() — online capture with BPF filters, offline pcap reading
• Custom protocol parsing — defining Scapy Packet subclass for proprietary headers
• PyShark — LiveCapture, FileCapture, accessing protocol fields by name
• Automated packet verification — assert field values, count packets, extract statistics

pytest is the de-facto Python testing framework used everywhere from unit tests to full system integration. This module bridges it to network protocol test scenarios — parameterised, repeatable, CI-ready.

• pytest fixtures — setup/teardown for network topologies, scope (function/class/session)
• Parameterised tests — @pytest.mark.parametrize for multi-VLAN, multi-prefix, multi-timer test scenarios
• Markers — @pytest.mark.slow, @pytest.mark.l2, @pytest.mark.l3 — selective test execution
• Combining with Scapy — inject packets in fixture, assert capture results in test function
• Data-driven testing — loading test vectors from CSV/JSON (e.g., RFC 2544 frame size table)
• HTML test report generation — pytest-html, custom report templates
• Parallel test execution — pytest-xdist for concurrent protocol testing
• Integrating with CI/CD — GitHub Actions / Jenkins pipeline triggers, result archiving

Modern protocol test automation must configure the Device Under Test programmatically — not manually via CLI. This module covers SSH-based automation and model-driven NETCONF for modern network devices.

• Netmiko — SSH connection management, send_command(), send_config_set(), multi-vendor support (Cisco IOS, Juniper, Arista)
• Automating DUT configuration — VLAN creation, OSPF neighbour setup, BGP peering from Python
• Parsing command output — TextFSM templates, regex extraction of routing table, ARP table, OSPF neighbours
• NAPALM — vendor-agnostic get_facts(), get_bgp_neighbors(), get_route_to() for assertion-based testing
• NETCONF basics — XML RPC, <get-config>, <edit-config>, <commit>, ncclient Python library
• YANG data models — ietf-interfaces, ietf-routing, Cisco native YANG; reading and validating YANG leaves
• RESTCONF — HTTP methods on YANG paths, JSON/XML encoding, validation use cases
• End-to-end automation pattern: Netmiko configure DUT → Scapy inject traffic → PyShark verify capture → NAPALM assert routing state

Robot Framework gives non-programmer testers a keyword-driven interface to automation — and it integrates seamlessly with Netmiko and Scapy. CI/CD hooks make every protocol test run automatically on every codebase change.

• Robot Framework architecture — test suites, test cases, keywords, libraries
• Writing keyword-driven network tests — "Verify OSPF Adjacency Is Full", "Check VLAN Traffic Isolation"
• NetworkLibrary & SSHLibrary — Robot Framework network-specific keywords
• Integrating Python Scapy functions as custom Robot keywords
• Defect tracking integration — JIRA REST API, auto-create bug on test failure, attach pcap as evidence
• Jenkins pipeline for network testing — trigger on PR, spin up GNS3 topology, run suite, publish report
• GitHub Actions workflow for network CI — containerised test runner, artefact upload
• Test result dashboards — Robot Framework report HTML, Allure integration

Round out your skill set with advanced protocols that appear in senior protocol test engineer JDs at carrier and data centre networking companies.

• MPLS label stack — label push/pop/swap, PHP (Penultimate Hop Popping), label stack verification in Wireshark
• LDP — label binding exchange, LSP verification, LDP session testing
• QoS testing — DSCP marking, PQ/WFQ queue scheduling, policing, shaping; CoS/PCP marking
• 802.1X port authentication — EAP exchange, RADIUS integration, success/failure test cases
• MACsec (802.1AE) basics — MKA protocol, secure channel establishment testing
• IPsec — IKEv2 exchange, ESP encapsulation, tunnel mode vs transport mode verification
• DHCP snooping, Dynamic ARP Inspection (DAI), IP Source Guard — L2 security feature testing

The capstone integrates manual and automated testing into a single, GitHub-hosted project that proves your skills to any interviewer. Choose one of three tracks based on your target role.

• Resume writing for protocol test engineer roles — keywords, project descriptions, GitHub portfolio link
• Mock technical interviews — Wireshark decode questions, "design a test plan for OSPF", Python debugging
• Protocol testing interview question bank — 100+ questions with model answers (L2, L3, tools, automation)
• Salary negotiation guidance — fresher vs experienced bands, OEM vs IT services vs startup