Packet Captures
icmp with record route option set.cap (1.2 KB)
| Packets: 10 | Duration: 2s | Downloads: 149 |
Ping packet with the record route option set and the IP addresses of all outgoing and incoming interfaces along the path.
In it we can also see the position of the current pointer.
dtls_null.cap (2.2 KB)
| Packets: 7 | Duration: 7s | Downloads: 37 |
DTLS handshake with one application data packet.
Authentication with server certificate only.
NULL encryption is used to demonstrate the transmission of "TESTING".
MSTP_Intra-Region_BPDUs.cap (1.7 KB)
| Packets: 10 | Duration: 10s | Downloads: 101 |
MSTP BPDUs captured on an intra-region root port.
00:1f:27:b4:7d:80 - CIST Root (is in another MSTP Region)
00:16:46:b5:8c:80 - CIST Regional Root, Root for Instance 0, 2
00:1e:f7:05:a8:80 - Root for Instance 1
Notice in frame 1 that 00:1e:f7:05:a8:80 uses 32768.00:16:46:b5:8c:80 (Regional Root BID) as bridge ID in the main STP header to make the region appear as a single bridge.
IGMP_V1.cap (2.0 KB)
| Packets: 27 | Duration: 259s | Downloads: 578 |
All IGMP V1 requests: Query General, Join specific group
IGMP_V2.cap (1.3 KB)
| Packets: 18 | Duration: 133s | Downloads: 491 |
All IGMP V2 requests: Query General, Query specific group, Join specific group, Leave specific group
stun2.cap (102 bytes)
| Packets: 1 | Duration: n/a | Downloads: 437 |
STUN (2) protocol. UDP hole punching technique.
packet-c.cap (675.0 KB)
| Packets: 926 | Duration: 13s | Downloads: 822 |
This is a packet capture from a SonicWall. We were troubleshooting DHCP packet flows. The SonicWall saw the DHCP Discover and sent an Offer. We never saw the DHCP acknowledgement. In the adjacent core stacked switching we were running "debug ip dhcp server packets" and we only saw discover packets from IP phones up to the SonicWall. For some reason the SonicWall could not let any other DHCP packets through or out of its INSIDE (LAN) interface, even if we put an ANY-ANY ACL for that interface. We ended up having to replace the SonicWall and upload the configuration from the old SonicWall to the new one.
-Slaingod
IPv6_RTSP.cap (15.5 KB)
| Packets: 17 | Duration: 3s | Downloads: 1042 |
This capture contains IPv6 RTSP packets. An IPv6-enabled RTSP server was accessed using a 6in4 tunnel.
OCSP-Not_Implemted.cap (1.1 KB)
| Packets: 10 | Duration: n/a | Downloads: 2486 |
OCSP-Not_Implemted
- Categories: Encryption
- Protocols: HTTP, IP, OCSP, TCP
OCSP-Revoked.cap (1.8 KB)
| Packets: 10 | Duration: n/a | Downloads: 1563 |
OCSP (Comodo - FAKE crt Addons-mozilla-org)
- Categories: Encryption
- Protocols: HTTP, IP, OCSP, TCP
traceroute_MPLS.cap (3.3 KB)
| Packets: 29 | Duration: 3s | Downloads: 3876 |
cm4116_telnet.cap (9.4 KB)
| Packets: 113 | Duration: 14s | Downloads: 3346 |
Short Telnet session with an Opengear CM4116, used to demonstrate the urgent flag and pointer.
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet
HTTP.cap (24.9 KB)
| Packets: 40 | Duration: n/a | Downloads: 5490 |
Simple HTTP transfer of a PNG image using wget
DHCP_MessageType 10,11,12 and 13.cap (1.9 KB)
| Packets: 6 | Duration: 13s | Downloads: 3527 |
Access concentrator/router queries the lease for particular IP addresses using message type "DHCP LEASE QUERY" and gets responses of DHCP LEASE ACTIVE, LEASE UNASSIGNED and LEASE UNKNOWN.
Access Concentrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33
QinQ.pcap.cap (184 bytes)
| Packets: 2 | Duration: 2s | Downloads: 4226 |
ARP requests with two VLAN IDs attached (QinQ)
iphttps.cap (12.4 KB)
| Packets: 83 | Duration: 38s | Downloads: 4074 |
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
WCCPv2.pcap.cap (2.8 KB)
| Packets: 15 | Duration: 27s | Downloads: 2868 |
WCCP communication captured between a 7200 router and a WCCP-capable optimization device (in my case it is Riverbed's Steelhead 2050)
LLDP_and_CDP.cap (4.0 KB)
| Packets: 12 | Duration: 98s | Downloads: 3883 |
LLDP and CDP advertisements sent between two switches, S1 and S2.
TACACS+_encrypted.cap (2.8 KB)
| Packets: 34 | Duration: 7s | Downloads: 3472 |
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
- Categories: Management
- Protocols: Ethernet, IP, TACACS+, TCP
PPPoE_Dual-Stack_IPv4_IPv6-with_DHCPv6.cap (6.1 KB)
| Packets: 65 | Duration: 46s | Downloads: 4092 |
Dual-stack PPPoE: IP (IPv4) and IPv6 with DHCPv6
ICMP_over_L2TPv3_Pseudowire.pcap.cap (5.3 KB)
| Packets: 38 | Duration: 30s | Downloads: 3748 |
ICMP pings from a CE to a second CE via a L2TPv3 pseudowire.
802.1Q_tunneling.cap (5.0 KB)
| Packets: 26 | Duration: 35s | Downloads: 6729 |
BGP_MP_NLRI.cap (2.9 KB)
| Packets: 24 | Duration: 60s | Downloads: 5066 |
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
TCP_SACK.cap (27.5 KB)
| Packets: 39 | Duration: n/a | Downloads: 12075 |
A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.
PPP_EAP.cap (2.5 KB)
| Packets: 52 | Duration: 52s | Downloads: 3756 |
PPP link negotiation employing EAP-MD5 authentication
4-byte_AS_numbers_Mixed_Scenario.cap (414 bytes)
| Packets: 4 | Duration: 60s | Downloads: 3980 |
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
4-byte_AS_numbers_Full_Support.cap (1.2 KB)
| Packets: 9 | Duration: 56s | Downloads: 3747 |
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previously established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); they both support 32-bit ASNs.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octet encoded AS_PATH attributes (pkts n. 6 and 9). Please note: Wireshark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
DECnet_Phone.pcap.cap (7.5 KB)
| Packets: 139 | Duration: 100s | Downloads: 3607 |
A DECnet Phone session, using the Linux DECnet stack and a clone/port of the OpenVMS eponymous tool.
rpvstp-trunk-native-vid5.pcap.cap (1.8 KB)
| Packets: 22 | Duration: 11s | Downloads: 4797 |
Rapid per-VLAN spanning tree capture of a trunk port configured with native VLAN 5; VLAN 1 is also active over the trunk.
The capture shows that 3 BPDUs are sent out: one for classic STP (Frame 4, for example), one for the native VLAN 5 (not tagged - Frame 5) and one for each other active VLAN (tagged - Frame 3).
The PVST BPDUs contain the VLAN ID at the end of the frame (01 and 05, respectively).
