Protocol Testing Tutorial (L2 & L3)
โก Smart Summary
Protocol Testing validates how networking devices exchange data across L2 and L3 protocols. It verifies packet structure, conformance, performance, and interoperability for switches, routers, VoIP equipment, and wireless gear used by vendors such as Cisco, Juniper, and Alcatel.
Before we learn about Protocol Testing, let us understand the foundation it builds upon.
What is a Protocol?
When computers communicate with each other, there is a common set of rules and conditions that each computer has to follow. In other words, protocols determine how data are transmitted between computing devices and over networks. Without these shared rules, devices from different vendors could not exchange traffic reliably.
What is Protocol Testing?
Protocol Testing is a method of checking communication protocols in the domains of Switching, Wireless, VoIP, Routing, and similar networking areas. The primary goal of Protocol Testing is to check the structure of packets that are sent over a network using dedicated Protocol Testing tools. Routers and switches are used during the test to form parts of devices and products under testing.
Now that we have defined the practice, let us examine why this discipline matters in production networks.
Why Protocol Testing Matters
Modern networks carry mission-critical workloads such as VoIP calls, financial transactions, and streaming video. A single protocol bug can break interoperability between vendors, drop packets, or expose security gaps. Protocol Testing safeguards quality by validating that each protocol implementation matches its specification, scales under load, and behaves predictably during failures.
With the motivation clear, the next question is how protocols are categorized in real networks.
Routed and Routing Protocols
Protocols are classified into two categories: routed protocols and routing protocols.
- Routed Protocols: Routed protocols are used to send user data from one network to another. They carry user traffic such as e-mails, web traffic, and file transfers. Examples of routed protocols are IP, IPX, and AppleTalk.
- Routing Protocols: Routing protocols are network protocols that determine routes for routers. They are used only between routers. Examples include RIP, IGRP, and EIGRP.
In simple terms, a router is like a bus used for transportation, while routing protocols are signals on the road.
Based on the type of communication, different protocols are used. Companies like Cisco, Juniper, and Alcatel produce networking devices such as routers, modems, and wireless access points that use different protocols for communication. For example, Cisco uses EIGRP and OSPF. Protocol Testing is essentially checking whether EIGRP (Enhanced Interior Gateway Routing Protocol), OSPF (Open Shortest Path First), or any other protocol is working as per its respective standard.
Types of Computer Protocols
The table below lists the most common protocols a tester will encounter on the wire.
| Types of Protocols | Purpose of Protocols |
|---|---|
| TCP/IP | It is used to send information in small packets over the Internet |
| UDP/ICMP | It is used to send a small amount of information in data packets over the Internet |
| POP3 and SMTP | It is used for sending and receiving mail |
| Hypertext Transfer Protocol | It is used to transfer HTML pages in encrypted form to provide security to sensitive data |
| FTP | It is used for transporting files over a network from one node to another |
* TCP/IP – Transmission Control Protocol/Internet Protocol, UDP/ICMP – User Datagram Protocol/Internet Control Message Protocol, POP3/SMTP – Post Office Protocol/Simple Mail Transfer Protocol, HTTP – Hyper Text Transfer Protocol, FTP – File Transfer Protocol.
Different Types of Network Protocols (L2 and L3)
The OSI model has a total of seven layers of network communication, of which Layer 2 (L2) and Layer 3 (L3) are very crucial for Protocol Testing.
- Layer 2 (L2): It is the data link layer. MAC address, Ethernet, Token Ring, and Frame Relay are all examples of the data link layer.
- Layer 3 (L3): It is the network layer that determines the best available path in the network for communication. An IP address is an example of L3.
How to do Protocol Testing
- For Protocol Testing, you need a protocol analyzer and a simulator.
- The protocol analyzer ensures proper decoding along with call and session analysis. The simulator simulates various entities of the networking element.
- Usually, Protocol Testing is carried out by a DUT (Device Under Test) connected to other devices such as switches and routers, with the target protocol configured on it.
- Thereafter, the tester checks the packet structure of the packets sent by the devices.
- It checks scalability, performance, and protocol algorithm behavior of the device by using tools like IxNetwork, Scapy, and Wireshark.
Testing Types for Protocol Testing
Protocol Testing includes testing of functionality, performance, protocol stack, interoperability, and more. During Protocol Testing, three basic checks are done.
- Correctness: Do we receive packet X when we expect it?
- Latency: How long does a packet take to transit the system?
- Bandwidth: How many packets can we send per second?
Protocol Testing can be segregated into two broad categories: Stress and Reliability Tests, and Functional Tests. Stress and Reliability tests cover Load Testing, Stress Testing, and Performance Testing. Functional Testing includes negative testing, conformance testing, and interoperability testing.
- Conformance Testing: The protocols implemented on products are tested for adherence to standards such as IEEE and RFC.
- Interoperability Testing: The interoperability for different vendors is tested. This testing is done after conformance testing is completed on the appropriate platform.
- Network Feature Testing: The features of networking products are tested for functionality with reference to the design document. For example, features can be port-security on a switch or ACL on a router.
Sample Test Cases for Protocol Testing of Network Devices
Here is a sample set of test cases for routers and switches.
| Test Name | Test Cases |
|---|---|
| One VLAN on One Switch | Build two different VLANs. Check the visibility between hosts on different VLANs. |
| Three Symmetric VLANs on One Switch | Create three different asymmetric VLANs. Check the visibility between hosts. |
| Spanning Tree: Root Path Cost Variation | Test how the Root Path Cost changes after a topology variation. |
| Spanning Tree: Port Blocking | Check how spanning tree protocol avoids the formation of cycles in the network, blocking redundant links, in the presence of VLANs too. |
| Different Root Bridge for Different MSTI | Show that each MSTI can have a different Root Bridge. |
| Visibility Between Different STP Regions | With the same VLANs, check visibility between different STP regions. |
| Telephone Switch Performance | Generate 1000 telephone calls and check whether the telephone switch still operates or its performance degrades. |
| Negative Test for Device | Enter the incorrect key and check authentication. The user should not be allowed access. |
| Line Speed | Check the device operating at 10 Gbps speed, utilizing all available bandwidth to handle incoming traffic. |
| Protocol Conversation Rate | Track a TCP conversation between two devices and verify that each device behaves correctly. |
| Response Time for Session Initiation | Measure the response time of a device to an invite request for session initiation. |
Tools for Protocol Testing
Let us discuss the most important testing tools used to verify protocols.
1) Scapy for Packet Crafting
Scapy is a powerful interactive packet manipulation program. It enables you to:
- Create packets
- Decode packets on the network
- Capture packets and analyze them
- Inject packets into the network
So, basically, Scapy mainly does two things: receiving answers and sending packets. You define the packets, it sends them, receives answers, matches requests with answers, and returns a list of packet couples and a list of unmatched packets.
It can also handle other tasks such as trace-routing, unit tests, attacks, network discovery, developing new protocols, and probing.
Scapy enables you to write a Python script that allows you to perform tasks like sending, receiving, or sniffing packets. For example, Scapy can sniff data packets using a short Python script. The command to open the editor is shown below.
#gedit scapysniff.py #!/usr/bin/env python from scapy.all import * a = sniff(count=10) a.nsummary() save, and change the mode of the file into an executable form #chmod +x scapysniff.py # ./scapysniff.py
It will sniff 10 packets, and as soon as it has sniffed 10 packets, it will print the summary. Scapy also has an array of commands for sending and receiving packets at the same time.
2) Wireshark for Analysis
Wireshark is the leading tool used for Protocol Testing analysis. It allows you to capture packets in real time and display them in human-readable form. You can dig deep into network traffic and inspect individual packets using color coding and filters.
Wireshark captures packets that help determine when the session is being established, when the exact data transfer was initiated, and how much data is sent each time.
Wireshark has a rich feature set that includes:
- A thorough inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Rich VoIP analysis
- Standard three-pane packet browser
- Runs on multiple platforms such as Windows, Linux, and macOS
- Captured network data can be browsed via a GUI
- Decryption support for many protocols such as IPsec, ISAKMP, and SSL/TLS
- Live data can be read from Ethernet, ATM, Bluetooth, USB, and Token Ring
- Output can be exported to CSV, XML, and plain text
3) TTCN
TTCN is a standard testing language for defining Test Scenarios and their implementation for Protocol Testing. A TTCN test suite contains many test cases written in the TTCN programming language, and it is used for testing reactive systems or behavioral testing.
For example, consider a coffee vending machine that dispenses coffee when a dollar coin is inserted but does not respond if less than a dollar is inserted. To program such machines, TTCN-3 is used. To make the coffee machine respond when a coin is inserted, you write a TTCN-3 component that behaves as a coffee machine. This allows you to run tests before an actual coffee machine is available as a product. Once that is done, you can connect the TTCN-3 test suite with the external device.
The test system emits stimuli (a dollar coin) and receives responses (coffee). The stimuli adapter obtains stimuli from the test system and passes them to the system under test. The response adapter waits for responses of the system under test and passes them to the test system.
TTCN-3 can be used in various fields such as:
- Mobile communications (LTE, WiMAX, 3G)
- Broadband technologies (ATM, DSL)
- Middleware platforms (Web services, CORBA)
- Internet protocols (SIP, IMS, IPv6)
- Smart cards
- Automotive (AutoSAR, MOST, CAN)
In TTCN you can define:
- Test Suites
- Test Cases
- Test Steps
- Declared Variables
- Declared Timers
- PDUs, and more
TTCN can be integrated with systems written in other languages such as ASN.1, XML, and C/C++. The TTCN-3 core language exists in text format, alongside tabular, graphical, and presentation formats.
How to Apply Protocol Testing in Practice
To apply these techniques on a real project, define the protocol scope (L2, L3, or higher), set up a DUT with simulator and analyzer wired in, draft conformance and negative test cases referencing RFC or IEEE specs, then run stress, interoperability, and AI-assisted anomaly checks. Capture results in Wireshark and iterate until packet behavior matches the standard.


