Packet Captures
cm4116_telnet.cap (9.4 KB)
| Packets: 113 | Duration: 14s | Downloads: 2712 |
Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet
HTTP.cap (24.9 KB)
| Packets: 40 | Duration: n/a | Downloads: 4168 |
Simple HTTP transfer of a PNG image using wget
DHCP_MessageType 10,11,12 and 13.cap (1.9 KB)
| Packets: 6 | Duration: 13s | Downloads: 2819 |
Access Concentrator/router queries the lease for particular IP addresses using message type "DHCP LEASE QUERY" and gets the responses DHCP LEASE ACTIVE, LEASE UNASSIGNED and LEASE UNKNOWN.
Access Concentrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33
QinQ.pcap.cap (184 bytes)
| Packets: 2 | Duration: 2s | Downloads: 3413 |
ARP requests with two VLAN IDs attached (QinQ)
iphttps.cap (12.4 KB)
| Packets: 83 | Duration: 38s | Downloads: 3428 |
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
WCCPv2.pcap.cap (2.8 KB)
| Packets: 15 | Duration: 27s | Downloads: 2447 |
WCCP communication captures between a 7200 router and a WCCP-capable optimization device (in my case it is Riverbed's Steelhead 2050)
LLDP_and_CDP.cap (4.0 KB)
| Packets: 12 | Duration: 98s | Downloads: 3204 |
LLDP and CDP advertisements sent between two switches, S1 and S2.
TACACS+_encrypted.cap (2.8 KB)
| Packets: 34 | Duration: 7s | Downloads: 2896 |
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
- Categories: Management
- Protocols: Ethernet, IP, TACACS+, TCP
PPPoE_Dual-Stack_IPv4_IPv6-with_DHCPv6.cap (6.1 KB)
| Packets: 65 | Duration: 46s | Downloads: 3422 |
Dual-stack PPPoE: IP (IPv4) and IPv6 with DHCPv6
ICMP_over_L2TPv3_Pseudowire.pcap.cap (5.3 KB)
| Packets: 38 | Duration: 30s | Downloads: 3134 |
ICMP pings from a CE to a second CE via an L2TPv3 pseudowire.
802.1Q_tunneling.cap (5.0 KB)
| Packets: 26 | Duration: 35s | Downloads: 5847 |
BGP_MP_NLRI.cap (2.9 KB)
| Packets: 24 | Duration: 60s | Downloads: 4291 |
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
TCP_SACK.cap (27.5 KB)
| Packets: 39 | Duration: n/a | Downloads: 11411 |
A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.
DECnet_Phone.pcap.cap (7.5 KB)
| Packets: 139 | Duration: 100s | Downloads: 3200 |
A DECnet Phone session, using the Linux DECnet stack and a clone/port of the OpenVMS eponymous tool.
rpvstp-trunk-native-vid5.pcap.cap (1.8 KB)
| Packets: 22 | Duration: 11s | Downloads: 4161 |
Rapid per-VLAN spanning tree capture of a trunk port configured with native VLAN 5; VLAN 1 is also active over the trunk.
The capture shows that 3 BPDUs are sent out: one for classic STP (Frame 4, for example), one for the native VLAN 5 (not tagged - Frame 5) and one for each other active VLAN (tagged - Frame 3).
The PVST BPDUs contain the VLAN ID at the end of the frame (01 and 05, respectively).
rpvstp-trunk-native-vid1.pcap.cap (6.4 KB)
| Packets: 81 | Duration: 45s | Downloads: 3367 |
Rapid per-VLAN spanning tree capture of a trunk port configured with native VLAN 1 (default); VLAN 5 is also active over the trunk.
The capture shows that 3 BPDUs are sent out: one for classic STP (Frame 4, for example), one for the native VLAN (not tagged - Frame 3) and one for each other active VLAN (tagged - Frame 5).
The PVST BPDUs contain the VLAN ID at the end of the frame (01 and 05, respectively).
rpvstp-access.pcap.cap (3.7 KB)
| Packets: 49 | Duration: 77s | Downloads: 3133 |
Rapid per-VLAN spanning tree capture of an access port (without portfast), configured in VLAN 5.
Frame-Relay over MPLS.pcap.cap (1.4 KB)
| Packets: 10 | Duration: 1s | Downloads: 3976 |
ICMP on a Frame Relay over MPLS link. If Wireshark doesn't recognize the payload as Frame Relay, right-click on a packet, select "Decode as" from the menu and select "Frame Relay DLCI PW" on the "MPLS" tab.
EoMPLS_802.1q.pcap.cap (1.6 KB)
| Packets: 10 | Duration: 1s | Downloads: 3988 |
ICMP over EoMPLS with 802.1q tagging
LDP_Ethernet_FrameRelay.pcap.cap (2.1 KB)
| Packets: 14 | Duration: 7s | Downloads: 3495 |
LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)
BGP_MD5.cap (1.7 KB)
| Packets: 16 | Duration: 61s | Downloads: 4155 |
An EBGP session with TCP MD5 authentication enabled
- Categories: Authentication, Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
PAGP.cap (2.5 KB)
| Packets: 25 | Duration: 95s | Downloads: 3143 |
LACP.cap (2.8 KB)
| Packets: 20 | Duration: 112s | Downloads: 3988 |
EoMPLS.cap (7.0 KB)
| Packets: 56 | Duration: 32s | Downloads: 3768 |
Routers at 1.1.2.1 and 1.1.2.2 are PEs in an MPLS cloud. LDP starts at packet 8 and they build up a pseudowire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the Ethernet traffic follows: CDP, ARP, ICMP between two hosts on the same subnet.
DHCP_Inter_VLAN.cap (2.0 KB)
| Packets: 4 | Duration: n/a | Downloads: 3712 |
R1 is a router-on-a-stick. It receives a DHCP Discover on the trunk interface, sets the "Relay agent IP address" to the IP address of the sub-interface it received the packet on and, finally, forwards it to the DHCP server. The capture perspective is the R1-DHCP server link.
PIM_register_register-stop.cap (258 bytes)
| Packets: 2 | Duration: n/a | Downloads: 3181 |
The switch at 192.168.0.6 receives an IGMP request for the group 239.1.2.3, encapsulates the original IGMP packet in a PIM Register and sends it to the RP at 192.168.1.254. In packet #2 the RP sends a Register-Stop to the switch.
DHCP.cap (5.8 KB)
| Packets: 12 | Duration: 153s | Downloads: 4383 |
R0 is the client and R1 is the DHCP server. Lease time is 1 minute.
VRRP_preempt.cap (1.2 KB)
| Packets: 16 | Duration: 14s | Downloads: 2819 |
Initially R3 is the master, R2 is backup, and R1 is offline. R1 comes back online with a priority of 200, preempting R3 to become the master router.
- Categories: Redundancy
- Protocols: Ethernet, IP, VRRP
VRRP_failover.cap (2.4 KB)
| Packets: 32 | Duration: 33s | Downloads: 4032 |
The master router (R1) goes offline. After the down interval passes (roughly 3 seconds), R3 takes over as the master router in packet #12. R2 also offers to take over but R3 wins because it has the higher IP address.
- Categories: Redundancy
- Protocols: Ethernet, IP, VRRP
UDLD.cap (3.3 KB)
| Packets: 29 | Duration: 93s | Downloads: 2906 |
Unidirectional Link Detection (UDLD) is used to monitor the status of a link between a Catalyst 2960 and a Catalyst 3560. Note that echoes are initially sent at very small intervals, gradually throttling back to the configured interval of 15 seconds.
- Categories: Cisco-proprietary, Switching
- Protocols: Ethernet, LLC, UDLD
