Packet Captures
IPv6_RTSP.cap (15.5 KB)
| Packets: 17 | Duration: 3s | Downloads: 311 |
This capture contains IPv6_RTSP packets. Accessed IPv6 enabled RTSP server using 6in4 tunnel.
OCSP-Not_Implemted.cap (1.1 KB)
| Packets: 10 | Duration: n/a | Downloads: 2015 |
OCSP-Not_Implemted
- Categories: Encryption
- Protocols: HTTP, IP, OCSP, TCP
OCSP-Revoked.cap (1.8 KB)
| Packets: 10 | Duration: n/a | Downloads: 1127 |
OCSP (Comodo - FAKE crt Addons-mozilla-org)
- Categories: Encryption
- Protocols: HTTP, IP, OCSP, TCP
traceroute_MPLS.cap (3.3 KB)
| Packets: 29 | Duration: 3s | Downloads: 2919 |
cm4116_telnet.cap (9.4 KB)
| Packets: 113 | Duration: 14s | Downloads: 2715 |
Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet
HTTP.cap (24.9 KB)
| Packets: 40 | Duration: n/a | Downloads: 4179 |
Simple HTTP transfer of a PNG image using wget
DHCP_MessageType 10,11,12 and 13.cap (1.9 KB)
| Packets: 6 | Duration: 13s | Downloads: 2831 |
Access Concentrator/router queries lease for particular IP addresses using message type as "DHCP LEASE QUERY" and gets response as DHCP LEASE ACTIVE,LEASE UNASSIGNED and LEASE UNKNOWN.
Access Concenttrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33
iphttps.cap (12.4 KB)
| Packets: 83 | Duration: 38s | Downloads: 3433 |
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
WCCPv2.pcap.cap (2.8 KB)
| Packets: 15 | Duration: 27s | Downloads: 2451 |
WCCP communication captures between 7200 Router and a WCCP capable optimization device (In my case it is Riverbed's Stealhead 2050)
TACACS+_encrypted.cap (2.8 KB)
| Packets: 34 | Duration: 7s | Downloads: 2898 |
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
- Categories: Management
- Protocols: Ethernet, IP, TACACS+, TCP
ICMP_over_L2TPv3_Pseudowire.pcap.cap (5.3 KB)
| Packets: 38 | Duration: 30s | Downloads: 3138 |
ICMP pings from a CE to a second CE via a L2TPv3 pseudowire.
802.1Q_tunneling.cap (5.0 KB)
| Packets: 26 | Duration: 35s | Downloads: 5863 |
BGP_MP_NLRI.cap (2.9 KB)
| Packets: 24 | Duration: 60s | Downloads: 4293 |
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
TCP_SACK.cap (27.5 KB)
| Packets: 39 | Duration: n/a | Downloads: 11418 |
A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.
4-byte_AS_numbers_Mixed_Scenario.cap (414 bytes)
| Packets: 4 | Duration: 60s | Downloads: 3460 |
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
4-byte_AS_numbers_Full_Support.cap (1.2 KB)
| Packets: 9 | Duration: 56s | Downloads: 3221 |
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
rpvstp-access.pcap.cap (3.7 KB)
| Packets: 49 | Duration: 77s | Downloads: 3135 |
Rapid per-VLAN spanning tree capture of an access port (without portfast), configured in VLAN 5.
LDP_Ethernet_FrameRelay.pcap.cap (2.1 KB)
| Packets: 14 | Duration: 7s | Downloads: 3496 |
LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)
BGP_MD5.cap (1.7 KB)
| Packets: 16 | Duration: 61s | Downloads: 4158 |
An EBGP with TCP MD5 authentication enabled
- Categories: Authentication, Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_redist.cap (378 bytes)
| Packets: 2 | Duration: n/a | Downloads: 3517 |
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
OSPF_Down-Bit.cap (8.9 KB)
| Packets: 98 | Duration: 203s | Downloads: 3555 |
LSA Update with down bit set. Router R5 56.0.0.5 PE is receiving an update from the MPLS VPN, which is advertised to CE 56.0.0.6 ospf routing table. In order for for the packet(LSA) not to be re-advertised back into the MPLS cloud through another PE(2) router, PE sets the Down-bit to 1. filter: ospf.v2.options.dn == 1
PPP_negotiation.cap (4.6 KB)
| Packets: 63 | Duration: 67s | Downloads: 3930 |
EoMPLS.cap (7.0 KB)
| Packets: 56 | Duration: 32s | Downloads: 3770 |
Routers at 1.1.2.1 and 1.1.2.2 are PEs in a MPLS cloud. LDP starts at packet 8 and they build up a pseudo-wire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the ethernet stuff follows: CDP, ARP, ICMP between two hosts on the same subnet.
DHCP_Inter_VLAN.cap (2.0 KB)
| Packets: 4 | Duration: n/a | Downloads: 3714 |
R1 is a router-on-a-stick. It receives a DHCP Discover on the trunk interface, it sets the "Relay agent IP address" to the sub-interface's IP address it received the packet on and, finally, it forwards it to the DHCP server. Capture perspective is R1-DHCP server link.
PIM_register_register-stop.cap (258 bytes)
| Packets: 2 | Duration: n/a | Downloads: 3190 |
Switch at 192.168.0.6 receives an IGMP request for the group 239.1.2.3, encapsulates the original IGMP packet in a PIM Register and sends it to the RP at 192.168.1.254. In packet #2 RP sends a Register-Stop to the switch.
DHCP.cap (5.8 KB)
| Packets: 12 | Duration: 153s | Downloads: 4386 |
R0 is the client and R1 is the DHCP server. Lease time is 1 minute.
VRRP_preempt.cap (1.2 KB)
| Packets: 16 | Duration: 14s | Downloads: 2823 |
Initially R3 is the master, R2 is backup, and R1 is offline. R1 comes back online with a priority of 200, preempting R3 to become the master router.
- Categories: Redundancy
- Protocols: Ethernet, IP, VRRP
VRRP_failover.cap (2.4 KB)
| Packets: 32 | Duration: 33s | Downloads: 4035 |
The master router (R1) goes offline. After the down interval passes (roughly 3 seconds), R3 takes over as the master router in packet #12. R2 also offers to take over but R3 wins because it has the higher IP address.
- Categories: Redundancy
- Protocols: Ethernet, IP, VRRP
telnet.cap (9.4 KB)
| Packets: 74 | Duration: 10s | Downloads: 3540 |
Telnetting from one router to another. Note that all communication is visible in clear text.
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet