Packet Captures
Viewing 1 - 27 of 27
- 1
OCSP-Not_Implemted.cap (1.1 KB)
| Packets: 10 | Duration: n/a | Downloads: 2009 |
OCSP-Not_Implemted
- Categories: Encryption
- Protocols: HTTP, IP, OCSP, TCP
OCSP-Revoked.cap (1.8 KB)
| Packets: 10 | Duration: n/a | Downloads: 1127 |
OCSP (Comodo - FAKE crt Addons-mozilla-org)
- Categories: Encryption
- Protocols: HTTP, IP, OCSP, TCP
cm4116_telnet.cap (9.4 KB)
| Packets: 113 | Duration: 14s | Downloads: 2712 |
Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet
HTTP.cap (24.9 KB)
| Packets: 40 | Duration: n/a | Downloads: 4168 |
Simple HTTP transfer of a PNG image using wget
iphttps.cap (12.4 KB)
| Packets: 83 | Duration: 38s | Downloads: 3428 |
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
TACACS+_encrypted.cap (2.8 KB)
| Packets: 34 | Duration: 7s | Downloads: 2896 |
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
- Categories: Management
- Protocols: Ethernet, IP, TACACS+, TCP
BGP_MP_NLRI.cap (2.9 KB)
| Packets: 24 | Duration: 60s | Downloads: 4291 |
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
TCP_SACK.cap (27.5 KB)
| Packets: 39 | Duration: n/a | Downloads: 11411 |
A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.
4-byte_AS_numbers_Mixed_Scenario.cap (414 bytes)
| Packets: 4 | Duration: 60s | Downloads: 3457 |
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
4-byte_AS_numbers_Full_Support.cap (1.2 KB)
| Packets: 9 | Duration: 56s | Downloads: 3218 |
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
- Categories: Routing Protocols
- Protocols: BGP, HDLC, IP, TCP
LDP_Ethernet_FrameRelay.pcap.cap (2.1 KB)
| Packets: 14 | Duration: 7s | Downloads: 3495 |
LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)
BGP_MD5.cap (1.7 KB)
| Packets: 16 | Duration: 61s | Downloads: 4155 |
An EBGP with TCP MD5 authentication enabled
- Categories: Authentication, Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_redist.cap (378 bytes)
| Packets: 2 | Duration: n/a | Downloads: 3513 |
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
EoMPLS.cap (7.0 KB)
| Packets: 56 | Duration: 32s | Downloads: 3768 |
Routers at 1.1.2.1 and 1.1.2.2 are PEs in a MPLS cloud. LDP starts at packet 8 and they build up a pseudo-wire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the ethernet stuff follows: CDP, ARP, ICMP between two hosts on the same subnet.
telnet.cap (9.4 KB)
| Packets: 74 | Duration: 10s | Downloads: 3535 |
Telnetting from one router to another. Note that all communication is visible in clear text.
- Categories: Management
- Protocols: Ethernet, IP, TCP, Telnet
TDP.cap (2.8 KB)
| Packets: 33 | Duration: 47s | Downloads: 2242 |
P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.
SSHv2.cap (11.4 KB)
| Packets: 90 | Duration: 7s | Downloads: 3106 |
An SSH version 2 session between two routers. All communication is securely encrypted.
- Categories: Encryption, Management
- Protocols: Ethernet, IP, SSH, TCP
PPP_TCP_compression.cap (1.5 KB)
| Packets: 43 | Duration: 3s | Downloads: 2012 |
A telnet session is established to 191.1.13.3 across a PPP link performing TCP header compression. The user at 191.1.13.1 logs in with the password "cisco" and terminates the connection.
MSDP.cap (4.1 KB)
| Packets: 35 | Duration: 391s | Downloads: 1750 |
R2 and R3 become MSDP peers and exchange keepalives. A multicast source 172.16.40.10 begins sending traffic to group 239.123.123.123, and R2 begins sending periodic source active messages to R3. Capture perspective is the R2-R3 link.
LDP_adjacency.cap (5.7 KB)
| Packets: 61 | Duration: 108s | Downloads: 2247 |
PE1 and P1 multicast LDP hellos to 224.0.0.2 on UDP port 646. They then establish an adjacency on TCP port 646 and exchange labels.
IBGP_adjacency.cap (2.3 KB)
| Packets: 17 | Duration: 63s | Downloads: 2001 |
Routers 3 and 4 form an internal BGP relationship. This is evidenced by the OPEN messages in packets #4 and #5, which show both routers belong to the same AS (65300). Also note that IBGP packets are not subject to a limited TTL as are EBGP packets.
- Categories: Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
EBGP_adjacency.cap (2.7 KB)
| Packets: 24 | Duration: 182s | Downloads: 1989 |
The external BGP adjacency between routers 1 and 2 is brought online and routes are exchanged. Keepalives are then exchanged every 60 seconds. Note that the IP TTL (normally 1) has been increased to 2 with ebgp-multihop to facilitate communication between the routers' loopback interfaces.
- Categories: Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_soft_reset.cap (2.0 KB)
| Packets: 17 | Duration: 180s | Downloads: 1978 |
R1 performs a soft bidirectional reset (clear ip bgp soft) on its adjacency with R2. The ROUTE-REFRESH message is visible in packet #7. Note that the TCP connection remains uninterrupted, and neither router views the reset as disruptive.
- Categories: Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_notification.cap (764 bytes)
| Packets: 9 | Duration: n/a | Downloads: 1929 |
R1 has been misconfigured to expect R2 to reside in AS 65100. R2 attempts to peer with R1 advertising itself correctly in AS 65200. R1 issues a NOTIFICATION in packet #5 citing a "bad peer AS" error and terminates the TCP connection.
- Categories: Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_hard_reset.cap (3.2 KB)
| Packets: 32 | Duration: 208s | Downloads: 1878 |
A hard reset (clear ip bgp) is performed on R1 for its adjacency with R2. Packet #7 shows R1 sending a packet with the TCP FIN flag set, indicating the connection is to be torn down. The TCP connection is then reestablished and UPDATEs are retransmitted.
- Categories: Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
BGP_AS_set.cap (1.6 KB)
| Packets: 18 | Duration: 1s | Downloads: 2141 |
Packet #15 includes a BGP update containing both an AS sequence and an AS set in its AS path attribute.
- Categories: Routing Protocols
- Protocols: BGP, Ethernet, IP, TCP
Viewing 1 - 27 of 27
- 1
