snoop-working-ccm7.cap (203.0 KB)
|Packets: 191||Duration: 1081s||Downloads: 2007|
H323 Phone registering!!!
hdlc slarp.pcapng.cap (612 bytes)
|Packets: 7||Duration: 22s||Downloads: 886|
We can have our serial interface automatically assign itself ip address from neighbor router, like DHCP for serial interfaces.
which is called as SLARP(serial line address resolution protocol).
Here is a packet capture of slarp and the router requesting the addresss and mask from neighbor router.Also the neighboring router responds with its own ip address and mask and this router looks into the mask and assigns itself the next available ip address from the subnet.
- Categories: None
- Protocols: SLARP
icmp fragmented.cap (106.4 KB)
|Packets: 77||Duration: 11s||Downloads: 1901|
pinged google.com with -l option in windows which allows us to set the data size of the packet.
Data size of 15000 bytes has been chosen and we can see that it is fragmented through the network into a maximum data size 1480 bytes in each packet.
We can also see offset and identification field set in the ip header.
ospf over gre tunnel.cap (8.2 KB)
|Packets: 63||Duration: 241s||Downloads: 9543|
Configured ospf over GRE tunnel in which packets are double tagged with ip header, useful when there is no direct connection between the 2 routers but still we need to run ospf.
connection termination.cap (316 bytes)
|Packets: 4||Duration: n/a||Downloads: 5564|
This is a connection termination packet in which both the server and client sends fin & ack to each other.
For details of how connection is been teared down by both client and server see the link below.
gratuitous arp hsrp.cap (480 bytes)
|Packets: 6||Duration: 6s||Downloads: 6842|
When router take the role of active in hsrp it sends a gratuitous arp in which source mac is 00:00:0c:07:ac:01, the switches update their mac table for the newly learned mac and starts forwarding to that port.
ospf simple password authentication.cap (766 bytes)
|Packets: 7||Duration: 60s||Downloads: 5182|
Simple password authentication in ospf in which we can see password in clear text.
Also the auth type is also specified in the packet which is simple password.
I have also found a very interesting article regarding md5 auth mistakes made by many network engineers the link of which is below.
|Packets: 10||Duration: 2s||Downloads: 4873|
ping packet with record route option set and IP addresses of all outgoing and incoming interfaces along the path.
In that we can also see position of current pointer.
dtls_null.cap (2.2 KB)
|Packets: 7||Duration: 7s||Downloads: 3061|
DTLS handshake with one application data packet.
Authentication with server certificate only.
NULL encryption is used to demonstrate the transmission of "TESTING"
MSTP_Intra-Region_BPDUs.cap (1.7 KB)
|Packets: 10||Duration: 10s||Downloads: 6637|
MSTP BPDUs captured on an intra-region root port.
00:1f:27:b4:7d:80 - CIST Root (is in another MSTP Region)
00:16:46:b5:8c:80 - CIST Regional Root, Root for Instance 0, 2
00:1e:f7:05:a8:80 - Root for Instance 1
Notice in frame 1 that 00:1e:f7:05:a8:80 uses 32768.00:16:46:b5:8c:80 (Regional Root BID) as bridge ID in the main STP header to make the region appear as a single bridge.
IGMP_V1.cap (2.0 KB)
|Packets: 27||Duration: 259s||Downloads: 5984|
All IGMP V1 requests : Query General, Join specific group
IGMP_V2.cap (1.3 KB)
|Packets: 18||Duration: 133s||Downloads: 7613|
All IGMP V2 requests : Query General, Query specfic group, Join specific group, leave specific group
stun2.cap (102 bytes)
|Packets: 1||Duration: n/a||Downloads: 3446|
Stun (2) Protocol. UDP Holepunching technique.
packet-c.cap (675.0 KB)
|Packets: 926||Duration: 13s||Downloads: 8082|
This is a packet capture from a SonicWall. We were troubleshooting DHCP packet flows. The SonicWall saw the DHCP Discover and Sent an Offer. We never saw the DHCP acknowledgement. In the adjacent core stacked switching we were running "debug ip dhcp server packets" we only saw discover packets from IP phones up to the SonicWall. For some reason the SonicWall could not let any other DHCP packets through or out of it INSIDE (LAN) interface. Even if we put an ANY-ANY ALC for that interface. We ended up having to replace the SonicWall and upload the configuration from the old SonicWall to the new one.
IPv6_RTSP.cap (15.5 KB)
|Packets: 17||Duration: 3s||Downloads: 4501|
This capture contains IPv6_RTSP packets. Accessed IPv6 enabled RTSP server using 6in4 tunnel.
OCSP-Not_Implemted.cap (1.1 KB)
|Packets: 10||Duration: n/a||Downloads: 5918|
OCSP-Revoked.cap (1.8 KB)
|Packets: 10||Duration: n/a||Downloads: 4744|
OCSP (Comodo - FAKE crt Addons-mozilla-org)
OCSP-Good.cap (3.5 KB)
|Packets: 14||Duration: 1s||Downloads: 5700|
OCSP_Good (CRL HTTPS CA Verisign)
traceroute_MPLS.cap (3.3 KB)
|Packets: 29||Duration: 3s||Downloads: 10669|
cm4116_telnet.cap (9.4 KB)
|Packets: 113||Duration: 14s||Downloads: 8315|
Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer
HTTP.cap (24.9 KB)
|Packets: 40||Duration: n/a||Downloads: 13899|
Simple HTTP transfer of a PNG image using wget
DHCP_MessageType 10,11,12 and 13.cap (1.9 KB)
|Packets: 6||Duration: 13s||Downloads: 8399|
Access Concentrator/router queries lease for particular IP addresses using message type as "DHCP LEASE QUERY" and gets response as DHCP LEASE ACTIVE,LEASE UNASSIGNED and LEASE UNKNOWN.
Access Concenttrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33
QinQ.pcap.cap (184 bytes)
|Packets: 2||Duration: 2s||Downloads: 9744|
ARP requests having two vlan IDs attached (QinQ)
iphttps.cap (12.4 KB)
|Packets: 83||Duration: 38s||Downloads: 9070|
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
WCCPv2.pcap.cap (2.8 KB)
|Packets: 15||Duration: 27s||Downloads: 6054|
WCCP communication captures between 7200 Router and a WCCP capable optimization device (In my case it is Riverbed's Stealhead 2050)
LLDP_and_CDP.cap (4.0 KB)
|Packets: 12||Duration: 98s||Downloads: 8877|
LLDP and CDP advertisements sent between two switches, S1 and S2.
TACACS+_encrypted.cap (2.8 KB)
|Packets: 34||Duration: 7s||Downloads: 7623|
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
|Packets: 65||Duration: 46s||Downloads: 10234|
Dual-stack PPPoE: IP (IPv4) and IPv6 with DHCPv6
ICMP_over_L2TPv3_Pseudowire.pcap.cap (5.3 KB)
|Packets: 38||Duration: 30s||Downloads: 8221|
ICMP pings from a CE to a second CE via a L2TPv3 pseudowire.