Packet Captures
rpvstp-access.pcap.cap (3.7 KB)
| Packets: 49 | Duration: 77s | Downloads: 318 |
Rapid per-VLAN spanning tree capture of an access port (without portfast), configured in VLAN 5.
LDP_Ethernet_FrameRelay.pcap.cap (2.1 KB)
| Packets: 14 | Duration: 7s | Downloads: 398 |
LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)
BGP_MD5.cap (1.7 KB)
| Packets: 16 | Duration: 61s | Downloads: 621 |
An EBGP with TCP MD5 authentication enabled
- Categories: Authentication, Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_redist.cap (378 bytes)
| Packets: 2 | Duration: n/a | Downloads: 530 |
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
OSPF_Down-Bit.cap (8.9 KB)
| Packets: 98 | Duration: 203s | Downloads: 700 |
LSA Update with down bit set. Router R5 56.0.0.5 PE is receiving an update from the MPLS VPN, which is advertised to CE 56.0.0.6 ospf routing table. In order for for the packet(LSA) not to be re-advertised back into the MPLS cloud through another PE(2) router, PE sets the Down-bit to 1. filter: ospf.v2.options.dn == 1
PPP_negotiation.cap (4.6 KB)
| Packets: 63 | Duration: 67s | Downloads: 900 |
EoMPLS.cap (7.0 KB)
| Packets: 56 | Duration: 32s | Downloads: 732 |
Routers at 1.1.2.1 and 1.1.2.2 are PEs in a MPLS cloud. LDP starts at packet 8 and they build up a pseudo-wire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the ethernet stuff follows: CDP, ARP, ICMP between two hosts on the same subnet.
DHCP_Inter_VLAN.cap (2.0 KB)
| Packets: 4 | Duration: n/a | Downloads: 861 |
R1 is a router-on-a-stick. It receives a DHCP Discover on the trunk interface, it sets the "Relay agent IP address" to the sub-interface's IP address it received the packet on and, finally, it forwards it to the DHCP server. Capture perspective is R1-DHCP server link.
PIM_register_register-stop.cap (258 bytes)
| Packets: 2 | Duration: n/a | Downloads: 656 |
Switch at 192.168.0.6 receives an IGMP request for the group 239.1.2.3, encapsulates the original IGMP packet in a PIM Register and sends it to the RP at 192.168.1.254. In packet #2 RP sends a Register-Stop to the switch.
DHCP.cap (5.8 KB)
| Packets: 12 | Duration: 153s | Downloads: 956 |
R0 is the client and R1 is the DHCP server. Lease time is 1 minute.
VRRP_preempt.cap (1.2 KB)
| Packets: 16 | Duration: 14s | Downloads: 620 |
Initially R3 is the master, R2 is backup, and R1 is offline. R1 comes back online with a priority of 200, preempting R3 to become the master router.
- Categories: Redundancy
- Protocols: Ethernet, IP, VRRP
VRRP_failover.cap (2.4 KB)
| Packets: 32 | Duration: 33s | Downloads: 2129 |
The master router (R1) goes offline. After the down interval passes (roughly 3 seconds), R3 takes over as the master router in packet #12. R2 also offers to take over but R3 wins because it has the higher IP address.
- Categories: Redundancy
- Protocols: Ethernet, IP, VRRP
telnet.cap (7.3 KB)
| Packets: 74 | Duration: 10s | Downloads: 784 |
Telnetting from one router to another. Note that all communication is visible in clear text.
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet
TDP.cap (2.8 KB)
| Packets: 33 | Duration: 47s | Downloads: 528 |
P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.
SSHv2.cap (11.4 KB)
| Packets: 90 | Duration: 7s | Downloads: 655 |
An SSH version 2 session between two routers. All communication is securely encrypted.
- Categories: Encryption, Management
- Protocols: Ethernet, IP, SSH, TCP
SNMPv2c_get_requests.cap (894 bytes)
| Packets: 8 | Duration: n/a | Downloads: 566 |
SNMPv2c get requests are issued from a manager to an SNMP agent in order to monitor the bandwidth utilization of an interface.
- Categories: Management
- Protocols: Ethernet, IP, SNMP, UDP
RIPv2_subnet_down.cap (1.3 KB)
| Packets: 10 | Duration: 86s | Downloads: 559 |
RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv2.cap (1.7 KB)
| Packets: 12 | Duration: 141s | Downloads: 594 |
A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv1_subnet_down.cap (1.0 KB)
| Packets: 8 | Duration: 58s | Downloads: 491 |
RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv1.cap (876 bytes)
| Packets: 6 | Duration: 65s | Downloads: 534 |
A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RADIUS.cap (775 bytes)
| Packets: 4 | Duration: n/a | Downloads: 701 |
A RADIUS authentication request is issued from a switch at 10.0.0.1 on behalf of an EAP client. The user authenticates via MD5 challenge with the username "John.McGuirk" and the password "S0cc3r".
- Categories: Authentication
- Protocols: Ethernet, IP, RADIUS, UDP
PPP_TCP_compression.cap (1.5 KB)
| Packets: 43 | Duration: 3s | Downloads: 511 |
A telnet session is established to 191.1.13.3 across a PPP link performing TCP header compression. The user at 191.1.13.1 logs in with the password "cisco" and terminates the connection.
PIMv2_hellos.cap (528 bytes)
| Packets: 6 | Duration: 63s | Downloads: 525 |
Routers 1 and 2 exchange PIMv2 hello packets.
- Categories: Multicast, Routing Protocols
- Protocols: Ethernet, IP, PIM
PIMv2_bootstrap.cap (712 bytes)
| Packets: 8 | Duration: 184s | Downloads: 504 |
Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.
- Categories: Multicast, Routing Protocols
- Protocols: Ethernet, IP, PIM
PIM-SM_join_prune.cap (3.8 KB)
| Packets: 47 | Duration: 473s | Downloads: 587 |
A host on R4's 172.16.20.0/24 subnet requests to join the 239.123.123.123 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.
PIM-DM_pruning.cap (10.2 KB)
| Packets: 38 | Duration: 415s | Downloads: 460 |
The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.
path_MTU_discovery.cap (6.2 KB)
| Packets: 8 | Duration: n/a | Downloads: 545 |
Tracepath is used to determine the MTU of the path between hosts 192.168.0.2 and .1.2. Packet #6 contains an ICMP "fragmentation needed" message, indicating the MTU for that hop is 1400 bytes.
OSPF_with_MD5_auth.cap (4.6 KB)
| Packets: 34 | Duration: 63s | Downloads: 591 |
An OSPF adjacency is formed between two routers configured to use MD5 authentication.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, OSPF
OSPF_type7_LSA.cap (3.6 KB)
| Packets: 25 | Duration: 32s | Downloads: 502 |
Area 10 is configured as a not-so-stubby area (NSSA). The capture records the adjacency formed between routers 2 and 3. The link state update in packet #11 includes several type 7 LSAs from R2. Capture perspective from R3's 10.0.10.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, OSPF
