Packet Captures
bgplu.cap 2.1 KB
Submitted Jan 24, 2016 by mxiao
BGP Labeled Unicast
Packets: 22 | Duration: 4s | Downloads: 8247 |
bgp as confed sequence.pcapng.cap 432 bytes
Submitted Apr 4, 2014 by altafk
AS confederation sequence set in the BGP updates. Confederations are used to minimize IBGP mesh between BGP speakers but IBGP rules apply between EBGP sub confederation peers. AS confederation sequence are an ordered list of Autonomous systems passed within confederations.
Packets: 1 | Duration: n/a | Downloads: 4630 |
bgp orf prefix advertisement.pcapng.cap 336 bytes
Submitted Apr 3, 2014 by altafk
BGP prefix list sent during route refresh when outbound route filtering is configured. here we clearly see whether the prefix list is add or delete and permit or deny. Also we can see the actual network/mask sent.
Packets: 1 | Duration: n/a | Downloads: 4768 |
bgp orf capabilty negotitation.pcapng.cap 328 bytes
Submitted Apr 3, 2014 by altafk
BGP outbound route filtering capabilities negotiation between BGP speakers, sent during route [ Cisco PrefixList ORF-Type (128)].
Packets: 1 | Duration: n/a | Downloads: 4063 |
bgp med.pcapng.cap 364 bytes
Submitted Apr 2, 2014 by altafk
BGP metric value set to 242( just a random value), used as a suggestion for peer in neighboring AS to influence incoming traffic.
Packets: 1 | Duration: n/a | Downloads: 4000 |
no-advertise community.pcapng.cap 420 bytes
Submitted Mar 31, 2014 by altafk
BGP update packet with no-advertise community set [Community:NO_ADVERTISE (0xffffff02)] A BGP router telling its BGP peer not to advertise this route to any other peer whether EBGP or IBGP.
Packets: 2 | Duration: n/a | Downloads: 3889 |
BGP_MP_NLRI.cap 2.9 KB
Submitted Jun 28, 2010
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
Packets: 24 | Duration: 60s | Downloads: 16615 |
4-byte_AS_numbers_Mixed_Scenario.cap 414 bytes
Submitted Apr 30, 2010 by pierky
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
Packets: 4 | Duration: 60s | Downloads: 9551 |
4-byte_AS_numbers_Full_Support.cap 1.2 KB
Submitted Apr 30, 2010 by pierky
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
Packets: 9 | Duration: 56s | Downloads: 8906 |
BGP_MD5.cap 1.7 KB
Submitted Nov 26, 2009
An EBGP with TCP MD5 authentication enabled
Packets: 16 | Duration: 61s | Downloads: 10882 |
BGP_redist.cap 378 bytes
Submitted Oct 28, 2009 by colinbsd
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
Packets: 2 | Duration: n/a | Downloads: 10068 |
OSPF_Down-Bit.cap 8.9 KB
Submitted Oct 27, 2009 by colinbsd
LSA Update with down bit set. Router R5 56.0.0.5 PE is receiving an update from the MPLS VPN, which is advertised to CE 56.0.0.6 ospf routing table. In order for for the packet(LSA) not to be re-advertised back into the MPLS cloud through another PE(2) router, PE sets the Down-bit to 1. filter: ospf.v2.options.dn == 1
Packets: 98 | Duration: 203s | Downloads: 9666 |
RIPv2_subnet_down.cap 1.3 KB
Submitted Sep 14, 2009
RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.
Packets: 10 | Duration: 86s | Downloads: 8552 |
RIPv2.cap 1.7 KB
Submitted Sep 14, 2009
A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.
Packets: 12 | Duration: 141s | Downloads: 10402 |
RIPv1_subnet_down.cap 1.0 KB
Submitted Sep 14, 2009
RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.
Packets: 8 | Duration: 58s | Downloads: 6518 |
RIPv1.cap 876 bytes
Submitted Sep 14, 2009
A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.
Packets: 6 | Duration: 65s | Downloads: 7673 |
PIMv2_hellos.cap 528 bytes
Submitted Sep 14, 2009
Routers 1 and 2 exchange PIMv2 hello packets.
Packets: 6 | Duration: 63s | Downloads: 9271 |
PIMv2_bootstrap.cap 712 bytes
Submitted Sep 14, 2009
Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.
Packets: 8 | Duration: 184s | Downloads: 7346 |
PIM-SM_join_prune.cap 3.8 KB
Submitted Sep 14, 2009
A host on R4's 172.16.20.0/24 subnet requests to join the 239.123.123.123 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.
Packets: 47 | Duration: 473s | Downloads: 11553 |
PIM-DM_pruning.cap 10.2 KB
Submitted Sep 14, 2009
The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.
Packets: 38 | Duration: 415s | Downloads: 7053 |
OSPF_with_MD5_auth.cap 4.6 KB
Submitted Sep 14, 2009
An OSPF adjacency is formed between two routers configured to use MD5 authentication.
Packets: 34 | Duration: 63s | Downloads: 7897 |
OSPF_type7_LSA.cap 3.6 KB
Submitted Sep 14, 2009
Area 10 is configured as a not-so-stubby area (NSSA). The capture records the adjacency formed between routers 2 and 3. The link state update in packet #11 includes several type 7 LSAs from R2. Capture perspective from R3's 10.0.10.1 interface.
Packets: 25 | Duration: 32s | Downloads: 9053 |
OSPF_point-to-point_adjacencies.cap 9.9 KB
Submitted Sep 14, 2009
The frame relay network between four routers is configured with point-to-point subinterfaces. No DR/BDR is required as all adjacencies are point-to-point. Capture perspective from R1.
Packets: 93 | Duration: 35s | Downloads: 11008 |
OSPF_NBMA_adjacencies.cap 11.7 KB
Submitted Sep 14, 2009
Formation of OSPF adjacencies across a Non-broadcast Multiaccess (NBMA) frame relay topology. Neighbors have been manually specified on all routers, with R1 configured to become the DR. No BDR is present. Capture perspective from R1.
Packets: 99 | Duration: 66s | Downloads: 7505 |
OSPF_multipoint_adjacencies.cap 16.3 KB
Submitted Sep 14, 2009
Routers 1 through 4 are configured to view the non-broadcast frame relay network as a point-to-multipoint topology. Adjacencies are formed without the need of a DR or BDR. Note that inverse ARP was used to dynamically learn the addresses of neighbors.
ARP Frame Relay IP LMI OSPF Q933
Packets: 196 | Duration: 277s | Downloads: 8926 |