Sort by new | name | popular

Packet Captures

Showing 1 - 25 of 94

3560_CDP.cap 1.2 KB

Submitted Sep 14, 2009

Cisco Discovery Protocol (CDP) advertisements from a Catalyst 3560. Note how much information is offered to a potential attacker.

CDP Ethernet LLC

Packets: 3 Duration: 120s Downloads: 6916

3725_CDP.cap 390 bytes

Submitted Sep 14, 2009

Cisco Discovery Protocol (CDP) from FastEthernet0/0 of a Cisco 3725 router.

CDP Ethernet LLC

Packets: 1 Duration: n/a Downloads: 6287

802.1D_spanning_tree.cap 1.1 KB

Submitted Sep 14, 2009

IEEE 802.1D Spanning Tree Protocol (STP) advertisements sent every two seconds.

Ethernet LLC STP

Packets: 14 Duration: 26s Downloads: 13292

802.1Q_tunneling.cap 5.0 KB

Submitted Jun 30, 2010

CDP Ethernet IP LLC VLAN

Packets: 26 Duration: 35s Downloads: 20677

802.1w_rapid_STP.cap 2.3 KB

Submitted Sep 14, 2009

Rapid Spanning Tree Protocol BPDUs are received from a Catalyst switch after connecting to a port not configured for PortFast. The port transitions through the blocking and learning states before issuing a topology change notification (packet #30) and transitioning to the forwarding state.

Ethernet LLC STP

Packets: 30 Duration: 56s Downloads: 11149

802.1X.cap 498 bytes

Submitted Sep 14, 2009

A wired client authenticates to its switch using 802.1x/EAP and MD5 challenge authentication.

EAPoL Ethernet

Packets: 7 Duration: 19s Downloads: 13178

Auto-RP.cap 726 bytes

Submitted Sep 14, 2009

Routers 2 and 3 have been configured as candidate RPs, and multicast RP announcements to 239.0.1.39. Router 1 is the RP. R1 sees the candidate RP announcements from R2 and R3, and designates R3 the RP because it has a higher IP address (3.3.3.3). R1 multicasts the RP mapping to 224.0.1.40. The capture is from the R1-R2 link.

Auto-RP Ethernet IP UDP

Packets: 9 Duration: 239s Downloads: 6215

BGP_AS_set.cap 1.6 KB

Submitted Sep 14, 2009

Packet #15 includes a BGP update containing both an AS sequence and an AS set in its AS path attribute.

BGP Ethernet IP TCP

Packets: 18 Duration: 1s Downloads: 7737

BGP_hard_reset.cap 3.2 KB

Submitted Sep 14, 2009

A hard reset (clear ip bgp) is performed on R1 for its adjacency with R2. Packet #7 shows R1 sending a packet with the TCP FIN flag set, indicating the connection is to be torn down. The TCP connection is then reestablished and UPDATEs are retransmitted.

BGP Ethernet IP TCP

Packets: 32 Duration: 208s Downloads: 6449

BGP_MD5.cap 1.7 KB

Submitted Nov 26, 2009

An EBGP with TCP MD5 authentication enabled

BGP Ethernet IP TCP

Packets: 16 Duration: 61s Downloads: 10611

BGP_MP_NLRI.cap 2.9 KB

Submitted Jun 28, 2010

IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.

BGP Ethernet IP IPv6 TCP

Packets: 24 Duration: 60s Downloads: 16169

BGP_notification.cap 764 bytes

Submitted Sep 14, 2009

R1 has been misconfigured to expect R2 to reside in AS 65100. R2 attempts to peer with R1 advertising itself correctly in AS 65200. R1 issues a NOTIFICATION in packet #5 citing a "bad peer AS" error and terminates the TCP connection.

BGP Ethernet IP TCP

Packets: 9 Duration: n/a Downloads: 6747

BGP_soft_reset.cap 2.0 KB

Submitted Sep 14, 2009

R1 performs a soft bidirectional reset (clear ip bgp soft) on its adjacency with R2. The ROUTE-REFRESH message is visible in packet #7. Note that the TCP connection remains uninterrupted, and neither router views the reset as disruptive.

BGP Ethernet IP TCP

Packets: 17 Duration: 180s Downloads: 6561

cm4116_telnet.cap 9.4 KB

Submitted Mar 1, 2011

Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer

Ethernet IP TCP Telnet

Packets: 113 Duration: 14s Downloads: 16911

DECnet_Phone.pcap.cap 7.5 KB

Submitted Jan 13, 2010 by vmlemon

A DECnet Phone session, using the Linux DECnet stack and a clone/port of the OpenVMS eponymous tool.

DEC_DNA Ethernet

Packets: 139 Duration: 100s Downloads: 6927

DHCP.cap 5.8 KB

Submitted Sep 29, 2009 by pierky

R0 is the client and R1 is the DHCP server. Lease time is 1 minute.

BOOTP Ethernet IP UDP

Packets: 12 Duration: 153s Downloads: 11468

DHCP_Inter_VLAN.cap 2.0 KB

Submitted Sep 30, 2009 by pierky

R1 is a router-on-a-stick. It receives a DHCP Discover on the trunk interface, it sets the "Relay agent IP address" to the sub-interface's IP address it received the packet on and, finally, it forwards it to the DHCP server. Capture perspective is R1-DHCP server link.

BOOTP Ethernet IP UDP

Packets: 4 Duration: n/a Downloads: 10969

DHCP_MessageType 10,11,12 and 13.cap 1.9 KB

Submitted Jan 31, 2011 by Jawahar

Access Concentrator/router queries lease for particular IP addresses using message type as "DHCP LEASE QUERY" and gets response as DHCP LEASE ACTIVE,LEASE UNASSIGNED and LEASE UNKNOWN.

Access Concenttrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33

BOOTP Ethernet IP UDP

Packets: 6 Duration: 13s Downloads: 13114

DTP.cap 934 bytes

Submitted Sep 14, 2009

Dynamic Trunking Protocol (DTP) emanated from a Catalyst 3560 every 60 seconds, both with and without ISL encapsulation.

DTP Ethernet ISL LLC

Packets: 10 Duration: 120s Downloads: 8440

EBGP_adjacency.cap 2.7 KB

Submitted Sep 14, 2009

The external BGP adjacency between routers 1 and 2 is brought online and routes are exchanged. Keepalives are then exchanged every 60 seconds. Note that the IP TTL (normally 1) has been increased to 2 with ebgp-multihop to facilitate communication between the routers' loopback interfaces.

BGP Ethernet IP TCP

Packets: 24 Duration: 182s Downloads: 7889

EIGRPv2_adjacency.cap 4.1 KB

Submitted Sep 14, 2009

Routers 1 and 2 form an EIGRPv2 adjacency and exchange IPv6 routes.

EIGRP Ethernet IPv6

Packets: 31 Duration: 52s Downloads: 7889

EIGRPv2_subnet_transition.cap 5.3 KB

Submitted Sep 14, 2009

R4's 2001:db8:0:400::/64 subnet goes down, then comes back up roughly thirty seconds later. Capture perspective from R1's 2001:db8:0:12::1 interface.

EIGRP Ethernet IPv6

Packets: 49 Duration: 65s Downloads: 6101

EIGRP_adjacency.cap 5.1 KB

Submitted Sep 14, 2009

Formation of an EIGRP adjacency between routers R1 and R2. Capture point is R1's 10.0.0.1 interface.

EIGRP Ethernet IP

Packets: 53 Duration: 104s Downloads: 10038

EIGRP_goodbye.cap 1.3 KB

Submitted Sep 14, 2009

R2 designates its interface facing R1 as passive. The final hello message from R2 (packet #9) has all its K values set to 255, designating the message as a "goodbye." Capture perspective is from R1's 10.0.0.1 interface.

EIGRP Ethernet IP

Packets: 15 Duration: 43s Downloads: 7456

EIGRP_subnet_down.cap 1.8 KB

Submitted Sep 14, 2009

R4's interface to 192.168.4.0/24 goes down and the route is advertised as unreachable. Queries are issued by all routers to find a new path to the subnet but none exists, and the route is removed from the topology. Capture perspective is from R1's 10.0.0.1 interface.

EIGRP Ethernet IP

Packets: 21 Duration: 23s Downloads: 5899

Showing 1 - 25 of 94