Packet Captures
SSHv2.cap 11.4 KB
Submitted Sep 14, 2009
An SSH version 2 session between two routers. All communication is securely encrypted.
Packets: 90 | Duration: 7s | Downloads: 45567 |
TCP_SACK.cap 27.5 KB
Submitted Jun 16, 2010
A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.
Packets: 39 | Duration: n/a | Downloads: 26834 |
HTTP.cap 24.9 KB
Submitted Mar 1, 2011
Simple HTTP transfer of a PNG image using wget
Packets: 40 | Duration: n/a | Downloads: 26830 |
cm4116_telnet.cap 9.4 KB
Submitted Mar 1, 2011
Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer
Packets: 113 | Duration: 14s | Downloads: 17673 |
BGP_MP_NLRI.cap 2.9 KB
Submitted Jun 28, 2010
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
Packets: 24 | Duration: 60s | Downloads: 16615 |
packet-c.cap 675.0 KB
Submitted Jan 31, 2012 by Slaingod
This is a packet capture from a SonicWall. We were troubleshooting DHCP packet flows. The SonicWall saw the DHCP Discover and Sent an Offer. We never saw the DHCP acknowledgement. In the adjacent core stacked switching we were running "debug ip dhcp server packets" we only saw discover packets from IP phones up to the SonicWall. For some reason the SonicWall could not let any other DHCP packets through or out of it INSIDE (LAN) interface. Even if we put an ANY-ANY ALC for that interface. We ended up having to replace the SonicWall and upload the configuration from the old SonicWall to the new one.
-Slaingod
BOOTP DNS HTTP IP LLC SKINNY SSL STP TCP UDP
Packets: 926 | Duration: 13s | Downloads: 15586 |
iphttps.cap 12.4 KB
Submitted Nov 12, 2010 by nacnud
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
ARP DNS Ethernet ICMPv6 IGMP IP IPv6 LLC NBNS NBSS SSL TCP UDP
Packets: 83 | Duration: 38s | Downloads: 14514 |
TACACS+_encrypted.cap 2.8 KB
Submitted Sep 28, 2010
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
Packets: 34 | Duration: 7s | Downloads: 13550 |
EoMPLS.cap 7.0 KB
Submitted Oct 12, 2009 by pierky
Routers at 1.1.2.1 and 1.1.2.2 are PEs in a MPLS cloud. LDP starts at packet 8 and they build up a pseudo-wire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the ethernet stuff follows: CDP, ARP, ICMP between two hosts on the same subnet.
Packets: 56 | Duration: 32s | Downloads: 11498 |
connection termination.cap 316 bytes
Submitted Jun 5, 2012 by altafk
This is a connection termination packet in which both the server and client sends fin & ack to each other.
For details of how connection is been teared down by both client and server see the link below.
http://www.firewall.cx/networking-topics/protocols/tcp/136-tcp-flag-options.html
Packets: 4 | Duration: n/a | Downloads: 11440 |
BGP_MD5.cap 1.7 KB
Submitted Nov 26, 2009
An EBGP with TCP MD5 authentication enabled
Packets: 16 | Duration: 61s | Downloads: 10882 |
BGP_redist.cap 378 bytes
Submitted Oct 28, 2009 by colinbsd
The OSPF metric is preserved and propagated within the MPLS cloud by the MP-BGP MED attribute.
Packets: 2 | Duration: n/a | Downloads: 10068 |
telnet.cap 9.4 KB
Submitted Sep 14, 2009
Telnetting from one router to another. Note that all communication is visible in clear text.
Packets: 74 | Duration: 10s | Downloads: 10029 |
LDP_adjacency.cap 5.7 KB
Submitted Sep 14, 2009
PE1 and P1 multicast LDP hellos to 224.0.0.2 on UDP port 646. They then establish an adjacency on TCP port 646 and exchange labels.
Packets: 61 | Duration: 108s | Downloads: 9751 |
LDP_Ethernet_FrameRelay.pcap.cap 2.1 KB
Submitted Dec 5, 2009 by pierky
LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)
Packets: 14 | Duration: 7s | Downloads: 9652 |
gmail.pcapng.cap 508.6 KB
Submitted Aug 7, 2014 by tmuhimbisemoses
Sample packet capture I created during an attempt to view login details.
ARP DHCPV6 DNS HTTP IP IPv6 NBNS SSL TCP TEREDO UDP
Packets: 793 | Duration: 32s | Downloads: 9585 |
4-byte_AS_numbers_Mixed_Scenario.cap 414 bytes
Submitted Apr 30, 2010 by pierky
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
Packets: 4 | Duration: 60s | Downloads: 9551 |
OCSP-Good.cap 3.5 KB
Submitted Jun 8, 2011 by kerlenpondi
OCSP_Good (CRL HTTPS CA Verisign)
Packets: 14 | Duration: 1s | Downloads: 8911 |
4-byte_AS_numbers_Full_Support.cap 1.2 KB
Submitted Apr 30, 2010 by pierky
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
Packets: 9 | Duration: 56s | Downloads: 8906 |
OCSP-Not_Implemted.cap 1.1 KB
Submitted Jun 10, 2011 by kerlenpondi
OCSP-Not_Implemted
Packets: 10 | Duration: n/a | Downloads: 8869 |
bgplu.cap 2.1 KB
Submitted Jan 24, 2016 by mxiao
BGP Labeled Unicast
Packets: 22 | Duration: 4s | Downloads: 8247 |
ipv4-smtp.cap 1.5 KB
Submitted Dec 30, 2014 by nacnud
SMTP over IPv4 to Google - GMAIL.
Packets: 15 | Duration: 9s | Downloads: 8236 |
EBGP_adjacency.cap 2.7 KB
Submitted Sep 14, 2009
The external BGP adjacency between routers 1 and 2 is brought online and routes are exchanged. Keepalives are then exchanged every 60 seconds. Note that the IP TTL (normally 1) has been increased to 2 with ebgp-multihop to facilitate communication between the routers' loopback interfaces.
Packets: 24 | Duration: 182s | Downloads: 8162 |
BGP_AS_set.cap 1.6 KB
Submitted Sep 14, 2009
Packet #15 includes a BGP update containing both an AS sequence and an AS set in its AS path attribute.
Packets: 18 | Duration: 1s | Downloads: 7991 |
IBGP_adjacency.cap 2.3 KB
Submitted Sep 14, 2009
Routers 3 and 4 form an internal BGP relationship. This is evidenced by the OPEN messages in packets #4 and #5, which show both routers belong to the same AS (65300). Also note that IBGP packets are not subject to a limited TTL as are EBGP packets.
Packets: 17 | Duration: 63s | Downloads: 7940 |