BGP_MP_NLRI.cap (2.9 KB)
|Packets: 24||Duration: 60s||Downloads: 10238|
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
4-byte_AS_numbers_Mixed_Scenario.cap (414 bytes)
|Packets: 4||Duration: 60s||Downloads: 6070|
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 18.104.22.168/8 subnet from an external router ("D") in AS 40.1 / 2621441 (not shown) and forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
4-byte_AS_numbers_Full_Support.cap (1.2 KB)
|Packets: 9||Duration: 56s||Downloads: 5583|
The router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previously established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); they both support 32-bit ASNs.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octet encoded AS_PATH attributes (pkts n. 6 and 9). Please note: Wireshark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
BGP_MD5.cap (1.7 KB)
|Packets: 16||Duration: 61s||Downloads: 6719|
An EBGP session with TCP MD5 authentication enabled.
BGP_redist.cap (378 bytes)
|Packets: 2||Duration: n/a||Downloads: 6502|
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
OSPF_Down-Bit.cap (8.9 KB)
|Packets: 98||Duration: 203s||Downloads: 5769|
LSA Update with the down bit set. PE router R5 (22.214.171.124) receives an update from the MPLS VPN, which is advertised into the OSPF routing table of the CE (126.96.36.199). To keep the LSA from being re-advertised back into the MPLS cloud through another PE (PE2) router, the PE sets the Down-bit to 1. Filter: ospf.v2.options.dn == 1
RIPv2_subnet_down.cap (1.3 KB)
|Packets: 10||Duration: 86s||Downloads: 4557|
RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.
RIPv2.cap (1.7 KB)
|Packets: 12||Duration: 141s||Downloads: 5096|
A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.
RIPv1_subnet_down.cap (1.0 KB)
|Packets: 8||Duration: 58s||Downloads: 3700|
RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.
RIPv1.cap (876 bytes)
|Packets: 6||Duration: 65s||Downloads: 4161|
A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.
PIMv2_hellos.cap (528 bytes)
|Packets: 6||Duration: 63s||Downloads: 4678|
Routers 1 and 2 exchange PIMv2 hello packets.
PIMv2_bootstrap.cap (712 bytes)
|Packets: 8||Duration: 184s||Downloads: 3958|
Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.
PIM-SM_join_prune.cap (3.8 KB)
|Packets: 47||Duration: 473s||Downloads: 5578|
A host on R4's 172.16.20.0/24 subnet requests to join the 188.8.131.52 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.
PIM-DM_pruning.cap (10.2 KB)
|Packets: 38||Duration: 415s||Downloads: 3733|
The multicast source at 172.16.40.10 begins sending traffic to the group 184.108.40.206, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.
OSPF_with_MD5_auth.cap (4.6 KB)
|Packets: 34||Duration: 63s||Downloads: 4243|
An OSPF adjacency is formed between two routers configured to use MD5 authentication.
OSPF_type7_LSA.cap (3.6 KB)
|Packets: 25||Duration: 32s||Downloads: 4627|
Area 10 is configured as a not-so-stubby area (NSSA). The capture records the adjacency formed between routers 2 and 3. The link state update in packet #11 includes several type 7 LSAs from R2. Capture perspective from R3's 10.0.10.1 interface.
OSPF_point-to-point_adjacencies.cap (9.9 KB)
|Packets: 93||Duration: 35s||Downloads: 5508|
The frame relay network between four routers is configured with point-to-point subinterfaces. No DR/BDR is required as all adjacencies are point-to-point. Capture perspective from R1.
OSPF_NBMA_adjacencies.cap (11.7 KB)
|Packets: 99||Duration: 66s||Downloads: 3973|
Formation of OSPF adjacencies across a Non-broadcast Multiaccess (NBMA) frame relay topology. Neighbors have been manually specified on all routers, with R1 configured to become the DR. No BDR is present. Capture perspective from R1.
OSPF_multipoint_adjacencies.cap (16.3 KB)
|Packets: 196||Duration: 277s||Downloads: 4745|
Routers 1 through 4 are configured to view the non-broadcast frame relay network as a point-to-multipoint topology. Adjacencies are formed without the need of a DR or BDR. Note that inverse ARP was used to dynamically learn the addresses of neighbors.
OSPF_LSA_types.cap (4.0 KB)
|Packets: 30||Duration: 63s||Downloads: 5767|
Capture of adjacency formation between OSPF routers 4 and 5 in area 20. Packet #12 contains LSAs of types 1, 2, 3, 4, and 5.
OSPF_broadcast_adjacencies.cap (8.4 KB)
|Packets: 74||Duration: 95s||Downloads: 5027|
Three routers form OSPF adjacencies across a broadcast segment. All interface priorities are left default, so R3 (with the highest router ID) becomes the DR, and R2 (with the next-highest router ID) becomes the BDR. Capture perspective from R1.
OSPFv3_with_AH.cap (10.7 KB)
|Packets: 61||Duration: 170s||Downloads: 4580|
The adjacency between R1 and R2 in the 2001:db8:0:12::/64 subnet is configured with IPsec AH authentication. Note the inclusion of an IPsec AH header immediately following the IPv6 header of each OSPF packet.
OSPFv3_NBMA_adjacencies.cap (12.9 KB)
|Packets: 86||Duration: 90s||Downloads: 3435|
Router 3 forms OSPFv3 adjacencies with routers 1 and 2 across the non-broadcast multi-access (NBMA) frame relay link.
OSPFv3_multipoint_adjacencies.cap (11.5 KB)
|Packets: 73||Duration: 35s||Downloads: 3486|
The frame relay link connecting routers 1, 2, and 3 has been configured as a point-to-multipoint network with broadcast capability. Router 3 forms OSPFv3 adjacencies with routers 1 and 2, but no DR or BDR is elected.
OSPFv3_broadcast_adjacency.cap (5.4 KB)
|Packets: 38||Duration: 70s||Downloads: 3919|
Routers 1 and 2 form an OSPFv3 adjacency across their common Ethernet link (2001:db8:0:12::/64).
mtrace.cap (238 bytes)
|Packets: 2||Duration: n/a||Downloads: 3390|
mtrace 172.16.40.1 172.16.20.1 is issued on R1 to trace the RPF path from R4's 172.16.20.0/24 subnet to R1's 172.16.40.0/24 subnet. The capture is taken on the R1-R3 link.
MSDP.cap (4.1 KB)
|Packets: 35||Duration: 391s||Downloads: 3517|
R2 and R3 become MSDP peers and exchange keepalives. A multicast source 172.16.40.10 begins sending traffic to group 220.127.116.11, and R2 begins sending periodic source active messages to R3. Capture perspective is the R2-R3 link.
mrinfo_query.cap (182 bytes)
|Packets: 2||Duration: n/a||Downloads: 3101|
mrinfo 18.104.22.168 is issued on R1. DVMRPv3 is used to query R2 for its multicast interfaces.
LDP_adjacency.cap (5.7 KB)
|Packets: 61||Duration: 108s||Downloads: 4970|
PE1 and P1 multicast LDP hellos to 22.214.171.124 on UDP port 646. They then establish an adjacency on TCP port 646 and exchange labels.