
Packet Captures

Showing 1 - 25 of 138

3560_CDP.cap 1.2 KB

Submitted Sep 14, 2009

Cisco Discovery Protocol (CDP) advertisements from a Catalyst 3560. Note how much information is offered to a potential attacker.

CDP Ethernet LLC

Packets: 3 Duration: 120s Downloads: 4654

3725_CDP.cap 390 bytes

Submitted Sep 14, 2009

Cisco Discovery Protocol (CDP) from FastEthernet0/0 of a Cisco 3725 router.

CDP Ethernet LLC

Packets: 1 Duration: n/a Downloads: 4116

4-byte_AS_numbers_Full_Support.cap 1.2 KB

Submitted Apr 30, 2010 by pierky

Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previously established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); they both support 32-bit ASN.

While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).

Then, both "A" and "D" send some UPDATEs containing 4-octet encoded AS_PATH attributes (pkts n. 6 and 9). Please note: Wireshark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.

BGP HDLC IP TCP

Packets: 9 Duration: 56s Downloads: 6116

4-byte_AS_numbers_Mixed_Scenario.cap 414 bytes

Submitted Apr 30, 2010 by pierky

Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.

Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.

At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".

BGP HDLC IP TCP

Packets: 4 Duration: 60s Downloads: 6649

802.1D_spanning_tree.cap 1.1 KB

Submitted Sep 14, 2009

IEEE 802.1D Spanning Tree Protocol (STP) advertisements sent every two seconds.

Ethernet LLC STP

Packets: 14 Duration: 26s Downloads: 8322

802.1Q_tunneling.cap 5.0 KB

Submitted Jun 30, 2010

CDP Ethernet IP LLC VLAN

Packets: 26 Duration: 35s Downloads: 13911

802.1w_rapid_STP.cap 2.3 KB

Submitted Sep 14, 2009

Rapid Spanning Tree Protocol BPDUs are received from a Catalyst switch after connecting to a port not configured for PortFast. The port transitions through the blocking and learning states before issuing a topology change notification (packet #30) and transitioning to the forwarding state.

Ethernet LLC STP

Packets: 30 Duration: 56s Downloads: 6836

802.1X.cap 498 bytes

Submitted Sep 14, 2009

A wired client authenticates to its switch using 802.1X/EAP and MD5 challenge authentication.

EAPoL Ethernet

Packets: 7 Duration: 19s Downloads: 6941

address withdrawal ldp.pcapng.cap 716 bytes

Submitted Apr 25, 2014 by altafk

Label address withdrawal message. An LSR sends the label address withdrawal message to a peer when it wants to withdraw previously advertised labels to address mappings. See RFC 3036 for more details.

IP LDP TCP

Packets: 1 Duration: n/a Downloads: 596

Auto-RP.cap 726 bytes

Submitted Sep 14, 2009

Routers 2 and 3 have been configured as candidate RPs, and multicast RP announcements to 239.0.1.39. Router 1 is the RP. R1 sees the candidate RP announcements from R2 and R3, and designates R3 the RP because it has a higher IP address (3.3.3.3). R1 multicasts the RP mapping to 224.0.1.40. The capture is from the R1-R2 link.

Auto-RP Ethernet IP UDP

Packets: 9 Duration: 239s Downloads: 4138

bgp as confed sequence.pcapng.cap 432 bytes

Submitted Apr 4, 2014 by altafk

AS confederation sequence set in the BGP updates. Confederations are used to minimize IBGP mesh between BGP speakers, but IBGP rules apply between EBGP sub-confederation peers. An AS confederation sequence is an ordered list of autonomous systems passed within confederations.

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 498

bgp med.pcapng.cap 364 bytes

Submitted Apr 2, 2014 by altafk

BGP metric value set to 242 (just a random value), used as a suggestion for the peer in the neighboring AS to influence incoming traffic.

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 435

bgp orf capabilty negotitation.pcapng.cap 328 bytes

Submitted Apr 3, 2014 by altafk

BGP outbound route filtering capabilities negotiation between BGP speakers, sent during route [ Cisco PrefixList ORF-Type (128)].

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 469

bgp orf prefix advertisement.pcapng.cap 336 bytes

Submitted Apr 3, 2014 by altafk

BGP prefix list sent during route refresh when outbound route filtering is configured. Here we clearly see whether the prefix list is add or delete and permit or deny. We can also see the actual network/mask sent.

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 605

BGP_AS_set.cap 1.6 KB

Submitted Sep 14, 2009

Packet #15 includes a BGP update containing both an AS sequence and an AS set in its AS path attribute.

BGP Ethernet IP TCP

Packets: 18 Duration: 1s Downloads: 4850

BGP_hard_reset.cap 3.2 KB

Submitted Sep 14, 2009

A hard reset (clear ip bgp) is performed on R1 for its adjacency with R2. Packet #7 shows R1 sending a packet with the TCP FIN flag set, indicating the connection is to be torn down. The TCP connection is then reestablished and UPDATEs are retransmitted.

BGP Ethernet IP TCP

Packets: 32 Duration: 208s Downloads: 4051

BGP_MD5.cap 1.7 KB

Submitted Nov 26, 2009

An EBGP with TCP MD5 authentication enabled

BGP Ethernet IP TCP

Packets: 16 Duration: 61s Downloads: 7331

BGP_MP_NLRI.cap 2.9 KB

Submitted Jun 28, 2010

IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.

BGP Ethernet IP IPv6 TCP

Packets: 24 Duration: 60s Downloads: 11271

BGP_notification.cap 764 bytes

Submitted Sep 14, 2009

R1 has been misconfigured to expect R2 to reside in AS 65100. R2 attempts to peer with R1 advertising itself correctly in AS 65200. R1 issues a NOTIFICATION in packet #5 citing a "bad peer AS" error and terminates the TCP connection.

BGP Ethernet IP TCP

Packets: 9 Duration: n/a Downloads: 4191

BGP_redist.cap 378 bytes

Submitted Oct 28, 2009 by colinbsd

The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.

BGP HDLC IP MPLS TCP

Packets: 2 Duration: n/a Downloads: 7065

BGP_soft_reset.cap 2.0 KB

Submitted Sep 14, 2009

R1 performs a soft bidirectional reset (clear ip bgp soft) on its adjacency with R2. The ROUTE-REFRESH message is visible in packet #7. Note that the TCP connection remains uninterrupted, and neither router views the reset as disruptive.

BGP Ethernet IP TCP

Packets: 17 Duration: 180s Downloads: 4246

cm4116_telnet.cap 9.4 KB

Submitted Mar 1, 2011

Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer

Ethernet IP TCP Telnet

Packets: 113 Duration: 14s Downloads: 9045

connection termination.cap 316 bytes

Submitted Jun 5, 2012 by altafk

This is a connection termination capture in which both the server and the client send FIN and ACK to each other.
For details of how the connection is torn down by both client and server, see the link below.
http://www.firewall.cx/networking-topics/protocols/tcp/136-tcp-flag-options.html

IP TCP

Packets: 4 Duration: n/a Downloads: 6249

DECnet_Phone.pcap.cap 7.5 KB

Submitted Jan 13, 2010 by vmlemon

A DECnet Phone session, using the Linux DECnet stack and a clone/port of the OpenVMS eponymous tool.

DEC_DNA Ethernet

Packets: 139 Duration: 100s Downloads: 5181

DHCP.cap 5.8 KB

Submitted Sep 29, 2009 by pierky

R0 is the client and R1 is the DHCP server. Lease time is 1 minute.

BOOTP Ethernet IP UDP

Packets: 12 Duration: 153s Downloads: 8618
