I was trying to find out where vtp transparent switches stored the vtp information that they pass on to other switches (I’m now of the opinion that they don’t – I think they simply read vtp frames, check them for validity (domain/password) and then forward them on trunk ports).
Anyway, that got me looking at the contents of vlan.dat, and I found this perl script that partially decodes vlan.dat and I also came across this site where Marco Rizzi played around with the vlan.dat in a hex editor.
I then captured a few VTP packets in Wireshark which gave me a few clues about VLAN type, and think I have worked out the following fields for vlan.dat:
Byte# Length Purpose Hex Decimal 000 4 Don't know - but always seems to be badb 100d 004 4 Guessing - version number - always 2 008 1 VTP mode:1=client;2=server;3=transparent 009 1 Length of domain name 00a 32 Domain Name 02b 6 Revision Number 030 4 Local updater ID (IP address) 034 4 Last update on (interface id-lowest VLAN) 038 12 Last modified time yymmddhhmmss 044 8 MD5 hash (as seen on sh vtp status) 04c 8 Don't know 054 1 Password Length 055 64 Password (in clear text) 095 3 Number of VLANs 098 8 Don't know: First 5.5 bytes seem to be 02020000 80e From here on, there is a consistent 60 byte record repeated: 0a0 1 Vlan Name Length 0a1 32 Vlan Name 0c1 2 Vlan Type:1=ethernet;2=FDDI;3=TR;4=fdnet;5=trnet 0c3 1 Don't know - always 01 0c4 2 MTU always 0x05dc(=1500) 0c6 2 VLAN ID 0c8 4 Vlan SAID: E.g value 0x000186A1(=100001) 0dc 16 Don't know: Usually all 0
Finally, there is a bunch of stuff at the end which I haven’t been able to interpret