Sort by new | name | popular

Packet Captures

Showing 1 - 25 of 34

bgp orf prefix advertisement.pcapng.cap 336 bytes

Submitted Apr 3, 2014 by altafk

BGP prefix list sent during route refresh when outbound route filtering is configured. here we clearly see whether the prefix list is add or delete and permit or deny. Also we can see the actual network/mask sent.

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 134

bgp orf capabilty negotitation.pcapng.cap 328 bytes

Submitted Apr 3, 2014 by altafk

BGP outbound route filtering capabilities negotiation between BGP speakers, sent during route [ Cisco PrefixList ORF-Type (128)].

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 89

bgp med.pcapng.cap 364 bytes

Submitted Apr 2, 2014 by altafk

BGP metric value set to 242( just a random value), used as a suggestion for peer in neighboring AS to influence incoming traffic.

BGP IP TCP

Packets: 1 Duration: n/a Downloads: 105

no-advertise community.pcapng.cap 420 bytes

Submitted Mar 31, 2014 by altafk

BGP update packet with no-advertise community set [Community:NO_ADVERTISE (0xffffff02)] A BGP router telling its BGP peer not to advertise this route to any other peer whether EBGP or IBGP.

BGP IP TCP

Packets: 2 Duration: n/a Downloads: 106

snoop-working-ccm7.cap 203.0 KB

Submitted Jul 22, 2013 by earnestavathan

H323 Phone registering!!!

H225 IP Q931 TCP TPKT UDP

Packets: 191 Duration: 1081s Downloads: 2216

connection termination.cap 316 bytes

Submitted Jun 5, 2012 by altafk

This is a connection termination packet in which both the server and client sends fin & ack to each other.
For details of how connection is been teared down by both client and server see the link below.
http://www.firewall.cx/networking-topics/protocols/tcp/136-tcp-flag-options.html

IP TCP

Packets: 4 Duration: n/a Downloads: 5769

packet-c.cap 675.0 KB

Submitted Jan 31, 2012 by Slaingod

This is a packet capture from a SonicWall. We were troubleshooting DHCP packet flows. The SonicWall saw the DHCP Discover and Sent an Offer. We never saw the DHCP acknowledgement. In the adjacent core stacked switching we were running "debug ip dhcp server packets" we only saw discover packets from IP phones up to the SonicWall. For some reason the SonicWall could not let any other DHCP packets through or out of it INSIDE (LAN) interface. Even if we put an ANY-ANY ALC for that interface. We ended up having to replace the SonicWall and upload the configuration from the old SonicWall to the new one.

-Slaingod

BOOTP DNS HTTP IP LLC SKINNY SSL STP TCP UDP

Packets: 926 Duration: 13s Downloads: 8347

OCSP-Not_Implemted.cap 1.1 KB

Submitted Jun 10, 2011 by kerlenpondi

OCSP-Not_Implemted

HTTP IP OCSP TCP

Packets: 10 Duration: n/a Downloads: 6023

OCSP-Revoked.cap 1.8 KB

Submitted Jun 10, 2011 by kerlenpondi

OCSP (Comodo - FAKE crt Addons-mozilla-org)

HTTP IP OCSP TCP

Packets: 10 Duration: n/a Downloads: 4846

OCSP-Good.cap 3.5 KB

Submitted Jun 8, 2011 by kerlenpondi

OCSP_Good (CRL HTTPS CA Verisign)

DNS HTTP IP OCSP TCP UDP

Packets: 14 Duration: 1s Downloads: 5825

cm4116_telnet.cap 9.4 KB

Submitted Mar 1, 2011

Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer

Ethernet IP TCP Telnet

Packets: 113 Duration: 14s Downloads: 8534

HTTP.cap 24.9 KB

Submitted Mar 1, 2011

Simple HTTP transfer of a PNG image using wget

Ethernet HTTP IP TCP

Packets: 40 Duration: n/a Downloads: 14216

iphttps.cap 12.4 KB

Submitted Nov 12, 2010 by nacnud

IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.

ARP DNS Ethernet ICMPv6 IGMP IP IPv6 LLC NBNS NBSS SSL TCP UDP

Packets: 83 Duration: 38s Downloads: 9254

TACACS+_encrypted.cap 2.8 KB

Submitted Sep 28, 2010

TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.

Ethernet IP TACACS+ TCP

Packets: 34 Duration: 7s Downloads: 7784

BGP_MP_NLRI.cap 2.9 KB

Submitted Jun 28, 2010

IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.

BGP Ethernet IP IPv6 TCP

Packets: 24 Duration: 60s Downloads: 10973

TCP_SACK.cap 27.5 KB

Submitted Jun 16, 2010

A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.

Ethernet HTTP IP TCP

Packets: 39 Duration: n/a Downloads: 17479

4-byte_AS_numbers_Mixed_Scenario.cap 414 bytes

Submitted Apr 30, 2010 by pierky

Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.

Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.

At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".

BGP HDLC IP TCP

Packets: 4 Duration: 60s Downloads: 6452

4-byte_AS_numbers_Full_Support.cap 1.2 KB

Submitted Apr 30, 2010 by pierky

Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.

While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).

Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.

BGP HDLC IP TCP

Packets: 9 Duration: 56s Downloads: 5915

LDP_Ethernet_FrameRelay.pcap.cap 2.1 KB

Submitted Dec 5, 2009 by pierky

LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)

Ethernet IP LDP MPLS TCP UDP

Packets: 14 Duration: 7s Downloads: 6385

BGP_MD5.cap 1.7 KB

Submitted Nov 26, 2009

An EBGP with TCP MD5 authentication enabled

BGP Ethernet IP TCP

Packets: 16 Duration: 61s Downloads: 7102

BGP_redist.cap 378 bytes

Submitted Oct 28, 2009 by colinbsd

The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.

BGP HDLC IP MPLS TCP

Packets: 2 Duration: n/a Downloads: 6853

EoMPLS.cap 7.0 KB

Submitted Oct 12, 2009 by pierky

Routers at 1.1.2.1 and 1.1.2.2 are PEs in a MPLS cloud. LDP starts at packet 8 and they build up a pseudo-wire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the ethernet stuff follows: CDP, ARP, ICMP between two hosts on the same subnet.

Ethernet IP LOOP MPLS TCP UDP

Packets: 56 Duration: 32s Downloads: 6992

telnet.cap 9.4 KB

Submitted Sep 14, 2009

Telnetting from one router to another. Note that all communication is visible in clear text.

Ethernet IP TCP Telnet

Packets: 74 Duration: 10s Downloads: 6417

TDP.cap 2.8 KB

Submitted Sep 14, 2009

P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.

Ethernet IP TCP TDP UDP

Packets: 33 Duration: 47s Downloads: 4027

SSHv2.cap 11.4 KB

Submitted Sep 14, 2009

An SSH version 2 session between two routers. All communication is securely encrypted.

Ethernet IP SSH TCP

Packets: 90 Duration: 7s Downloads: 5859

Showing 1 - 25 of 34