Packet Captures
BGP_MP_NLRI.cap (2.9 KB)
| Packets: 24 | Duration: 60s | Downloads: 4291 |
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
4-byte_AS_numbers_Mixed_Scenario.cap (414 bytes)
| Packets: 4 | Duration: 60s | Downloads: 3457 |
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
4-byte_AS_numbers_Full_Support.cap (1.2 KB)
| Packets: 9 | Duration: 56s | Downloads: 3218 |
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
BGP_MD5.cap (1.7 KB)
| Packets: 16 | Duration: 61s | Downloads: 4155 |
An EBGP with TCP MD5 authentication enabled
- Categories: Authentication, Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_redist.cap (378 bytes)
| Packets: 2 | Duration: n/a | Downloads: 3514 |
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
OSPF_Down-Bit.cap (8.9 KB)
| Packets: 98 | Duration: 203s | Downloads: 3551 |
LSA Update with down bit set. Router R5 56.0.0.5 PE is receiving an update from the MPLS VPN, which is advertised to CE 56.0.0.6 ospf routing table. In order for for the packet(LSA) not to be re-advertised back into the MPLS cloud through another PE(2) router, PE sets the Down-bit to 1. filter: ospf.v2.options.dn == 1
RIPv2_subnet_down.cap (1.3 KB)
| Packets: 10 | Duration: 86s | Downloads: 2354 |
RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv2.cap (1.7 KB)
| Packets: 12 | Duration: 141s | Downloads: 2550 |
A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv1_subnet_down.cap (1.0 KB)
| Packets: 8 | Duration: 58s | Downloads: 1979 |
RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv1.cap (876 bytes)
| Packets: 6 | Duration: 65s | Downloads: 2137 |
A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
PIMv2_hellos.cap (528 bytes)
| Packets: 6 | Duration: 63s | Downloads: 2366 |
Routers 1 and 2 exchange PIMv2 hello packets.
- Categories: Multicast, Routing Protocols
- Protocols: Ethernet, IP, PIM
PIMv2_bootstrap.cap (712 bytes)
| Packets: 8 | Duration: 184s | Downloads: 2115 |
Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.
- Categories: Multicast, Routing Protocols
- Protocols: Ethernet, IP, PIM
PIM-SM_join_prune.cap (3.8 KB)
| Packets: 47 | Duration: 473s | Downloads: 2599 |
A host on R4's 172.16.20.0/24 subnet requests to join the 239.123.123.123 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.
PIM-DM_pruning.cap (10.2 KB)
| Packets: 38 | Duration: 415s | Downloads: 1963 |
The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.
OSPF_with_MD5_auth.cap (4.6 KB)
| Packets: 34 | Duration: 63s | Downloads: 2332 |
An OSPF adjacency is formed between two routers configured to use MD5 authentication.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, OSPF
OSPF_type7_LSA.cap (3.6 KB)
| Packets: 25 | Duration: 32s | Downloads: 2309 |
Area 10 is configured as a not-so-stubby area (NSSA). The capture records the adjacency formed between routers 2 and 3. The link state update in packet #11 includes several type 7 LSAs from R2. Capture perspective from R3's 10.0.10.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, OSPF
OSPF_point-to-point_adjacencies.cap (9.9 KB)
| Packets: 93 | Duration: 35s | Downloads: 2564 |
The frame relay network between four routers is configured with point-to-point subinterfaces. No DR/BDR is required as all adjacencies are point-to-point. Capture perspective from R1.
- Categories: Routing Protocols
- Protocols: Frame Relay, IP, OSPF
OSPF_NBMA_adjacencies.cap (11.7 KB)
| Packets: 99 | Duration: 66s | Downloads: 2090 |
Formation of OSPF adjacencies across a Non-broadcast Multiaccess (NBMA) frame relay topology. Neighbors have been manually specified on all routers, with R1 configured to become the DR. No BDR is present. Capture perspective from R1.
- Categories: Routing Protocols
- Protocols: Frame Relay, IP, OSPF
OSPF_multipoint_adjacencies.cap (16.3 KB)
| Packets: 196 | Duration: 277s | Downloads: 2551 |
Routers 1 through 4 are configured to view the non-broadcast frame relay network as a point-to-multipoint topology. Adjacencies are formed without the need of a DR or BDR. Note that inverse ARP was used to dynamically learn the addresses of neighbors.
- Categories: Routing Protocols
- Protocols: ARP, Frame Relay, IP, LMI, OSPF, Q933
OSPF_LSA_types.cap (4.0 KB)
| Packets: 30 | Duration: 63s | Downloads: 2546 |
Capture of adjacency formation between OSPF routers 4 and 5 in area 20. Packet #12 contains LSAs of types 1, 2, 3, 4, and 5.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, OSPF
OSPF_broadcast_adjacencies.cap (8.4 KB)
| Packets: 74 | Duration: 95s | Downloads: 2362 |
Three routers form OSPF adjacencies across a broadcast segment. All interface priorities are left default, so R3 (with the highest router ID) becomes the DR, and R2 (with the next-highest router ID) becomes the BDR. Capture perspective from R1.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, OSPF
OSPFv3_with_AH.cap (10.7 KB)
| Packets: 61 | Duration: 170s | Downloads: 2311 |
The adjacency between R1 and R2 in the 2001:db8:0:12::/64 subnet is configured with IPsec AH authentication. Note the inclusion of an IPsec AH header immediately following the IPv6 header of each OSPF packet.
- Categories: Authentication, Routing Protocols
- Protocols: Ethernet, IPv6, OSPF
OSPFv3_NBMA_adjacencies.cap (12.9 KB)
| Packets: 86 | Duration: 90s | Downloads: 1787 |
Router 3 forms OSPFv3 adjacencies with routers 1 and two across the non-broadcast multi-access (NBMA) frame relay link.
- Categories: Routing Protocols
- Protocols: Frame Relay, IPv6, OSPF
OSPFv3_multipoint_adjacencies.cap (11.5 KB)
| Packets: 73 | Duration: 35s | Downloads: 1783 |
The frame relay link connecting routers 1, 2, and 3 has been configured as a point-to-multipoint network with broadcast capability. Router 3 forms OSPFv3 adjacencies with routers 1 and 2, but no DR or BDR is elected.
- Categories: Routing Protocols
- Protocols: Frame Relay, IPv6, OSPF
OSPFv3_broadcast_adjacency.cap (5.4 KB)
| Packets: 38 | Duration: 70s | Downloads: 1989 |
Routers 1 and 2 form an OSPFv3 adjacency across their common Ethernet link (2001:db8:0:12::/64).
- Categories: Routing Protocols
- Protocols: Ethernet, IPv6, OSPF
mtrace.cap (238 bytes)
| Packets: 2 | Duration: n/a | Downloads: 1741 |
mtrace 172.16.40.1 172.16.20.1 is issued on R1 to trace the RPF path from R4's 172.16.20.0/24 subnet to R1's 172.16.40.0/24 subnet. The capture is taken on the R1-R3 link.
- Categories: Multicast, Routing Protocols
- Protocols: Ethernet, IGMP, IP
MSDP.cap (4.1 KB)
| Packets: 35 | Duration: 391s | Downloads: 1750 |
R2 and R3 become MSDP peers and exchange keepalives. A multicast source 172.16.40.10 begins sending traffic to group 239.123.123.123, and R2 begins sending periodic source active messages to R3. Capture perspective is the R2-R3 link.
mrinfo_query.cap (182 bytes)
| Packets: 2 | Duration: n/a | Downloads: 1641 |
mrinfo 2.2.2.2 is issued on R1. DVMRPv3 is used to query R2 for its multicast interfaces.
LDP_adjacency.cap (5.7 KB)
| Packets: 61 | Duration: 108s | Downloads: 2247 |
PE1 and P1 multicast LDP hellos to 224.0.0.2 on UDP port 646. They then establish an adjacency on TCP port 646 and exchange labels.
ISIS_p2p_adjacency.cap (21.7 KB)
| Packets: 26 | Duration: 113s | Downloads: 2110 |
Routers 1 and 2 form a L1/L2 adjacency over a point-to-point serial link. Note that both levels of adjacency are managed with a point-to-point (P2P) hello.
- Categories: Routing Protocols
- Protocols: HDLC, ISIS