Sort by new | name | popular

Packet Captures

Showing 76 - 100 of 152

VRRP_preempt.cap 1.2 KB

Submitted Sep 14, 2009

Initially R3 is the master, R2 is backup, and R1 is offline. R1 comes back online with a priority of 200, preempting R3 to become the master router.

Ethernet IP VRRP

Packets: 16 Duration: 14s Downloads: 7442

VRRP_failover.cap 2.4 KB

Submitted Sep 14, 2009

The master router (R1) goes offline. After the down interval passes (roughly 3 seconds), R3 takes over as the master router in packet #12. R2 also offers to take over but R3 wins because it has the higher IP address.

Ethernet IP VRRP

Packets: 32 Duration: 33s Downloads: 8974

UDLD.cap 3.3 KB

Submitted Sep 14, 2009

Unidirectional Link Detection (UDLD) is used to monitor the status of a link between a Catalyst 2960 and a Catalyst 3560. Note that echos are initially sent at very small intervals, gradually throttling back to the configured interval of 15 seconds.

Ethernet LLC UDLD

Packets: 29 Duration: 93s Downloads: 6985

telnet.cap 9.4 KB

Submitted Sep 14, 2009

Telnetting from one router to another. Note that all communication is visible in clear text.

Ethernet IP TCP Telnet

Packets: 74 Duration: 10s Downloads: 7345

TDP.cap 2.8 KB

Submitted Sep 14, 2009

P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.

Ethernet IP TCP TDP UDP

Packets: 33 Duration: 47s Downloads: 4665

SSHv2.cap 11.4 KB

Submitted Sep 14, 2009

An SSH version 2 session between two routers. All communication is securely encrypted.

Ethernet IP SSH TCP

Packets: 90 Duration: 7s Downloads: 6919

SNMPv2c_get_requests.cap 894 bytes

Submitted Sep 14, 2009

SNMPv2c get requests are issued from a manager to an SNMP agent in order to monitor the bandwidth utilization of an interface.

Ethernet IP SNMP UDP

Packets: 8 Duration: n/a Downloads: 5561

RIPv2_subnet_down.cap 1.3 KB

Submitted Sep 14, 2009

RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.

Ethernet IP RIP UDP

Packets: 10 Duration: 86s Downloads: 5889

RIPv2.cap 1.7 KB

Submitted Sep 14, 2009

A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.

Ethernet IP RIP UDP

Packets: 12 Duration: 141s Downloads: 6663

RIPv1_subnet_down.cap 1.0 KB

Submitted Sep 14, 2009

RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.

Ethernet IP RIP UDP

Packets: 8 Duration: 58s Downloads: 4685

RIPv1.cap 876 bytes

Submitted Sep 14, 2009

A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.

Ethernet IP RIP UDP

Packets: 6 Duration: 65s Downloads: 5355

RADIUS.cap 775 bytes

Submitted Sep 14, 2009

A RADIUS authentication request is issued from a switch at 10.0.0.1 on behalf of an EAP client. The user authenticates via MD5 challenge with the username "John.McGuirk" and the password "S0cc3r".

Ethernet IP RADIUS UDP

Packets: 4 Duration: n/a Downloads: 9830

PPP_TCP_compression.cap 1.5 KB

Submitted Sep 14, 2009

A telnet session is established to 191.1.13.3 across a PPP link performing TCP header compression. The user at 191.1.13.1 logs in with the password "cisco" and terminates the connection.

IP LCP PPP TCP

Packets: 43 Duration: 3s Downloads: 4628

PPP.cap 3.6 KB

Submitted Sep 14, 2009

ICMP across a PPP serial link.

CDP ICMP IP LCP PPP

Packets: 50 Duration: 83s Downloads: 5627

PIMv2_hellos.cap 528 bytes

Submitted Sep 14, 2009

Routers 1 and 2 exchange PIMv2 hello packets.

Ethernet IP PIM

Packets: 6 Duration: 63s Downloads: 6167

PIMv2_bootstrap.cap 712 bytes

Submitted Sep 14, 2009

Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.

Ethernet IP PIM

Packets: 8 Duration: 184s Downloads: 5095

PIM-SM_join_prune.cap 3.8 KB

Submitted Sep 14, 2009

A host on R4's 172.16.20.0/24 subnet requests to join the 239.123.123.123 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.

Ethernet IGMP IP PIM

Packets: 47 Duration: 473s Downloads: 7505

PIM-DM_pruning.cap 10.2 KB

Submitted Sep 14, 2009

The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.

Ethernet IP PIM UDP

Packets: 38 Duration: 415s Downloads: 4836

path_MTU_discovery.cap 6.2 KB

Submitted Sep 14, 2009

Tracepath is used to determine the MTU of the path between hosts 192.168.0.2 and .1.2. Packet #6 contains an ICMP "fragmentation needed" message, indicating the MTU for that hop is 1400 bytes.

Ethernet ICMP IP UDP

Packets: 8 Duration: n/a Downloads: 7740

OSPF_with_MD5_auth.cap 4.6 KB

Submitted Sep 14, 2009

An OSPF adjacency is formed between two routers configured to use MD5 authentication.

Ethernet IP OSPF

Packets: 34 Duration: 63s Downloads: 5371

OSPF_type7_LSA.cap 3.6 KB

Submitted Sep 14, 2009

Area 10 is configured as a not-so-stubby area (NSSA). The capture records the adjacency formed between routers 2 and 3. The link state update in packet #11 includes several type 7 LSAs from R2. Capture perspective from R3's 10.0.10.1 interface.

Ethernet IP OSPF

Packets: 25 Duration: 32s Downloads: 6019

OSPF_point-to-point_adjacencies.cap 9.9 KB

Submitted Sep 14, 2009

The frame relay network between four routers is configured with point-to-point subinterfaces. No DR/BDR is required as all adjacencies are point-to-point. Capture perspective from R1.

Frame Relay IP OSPF

Packets: 93 Duration: 35s Downloads: 7167

OSPF_NBMA_adjacencies.cap 11.7 KB

Submitted Sep 14, 2009

Formation of OSPF adjacencies across a Non-broadcast Multiaccess (NBMA) frame relay topology. Neighbors have been manually specified on all routers, with R1 configured to become the DR. No BDR is present. Capture perspective from R1.

Frame Relay IP OSPF

Packets: 99 Duration: 66s Downloads: 5071

OSPF_multipoint_adjacencies.cap 16.3 KB

Submitted Sep 14, 2009

Routers 1 through 4 are configured to view the non-broadcast frame relay network as a point-to-multipoint topology. Adjacencies are formed without the need of a DR or BDR. Note that inverse ARP was used to dynamically learn the addresses of neighbors.

ARP Frame Relay IP LMI OSPF Q933

Packets: 196 Duration: 277s Downloads: 6041

OSPF_LSA_types.cap 4.0 KB

Submitted Sep 14, 2009

Capture of adjacency formation between OSPF routers 4 and 5 in area 20. Packet #12 contains LSAs of types 1, 2, 3, 4, and 5.

Ethernet IP OSPF

Packets: 30 Duration: 63s Downloads: 7785

Showing 76 - 100 of 152