Packet Captures
Viewing 1 - 30 of 30
- 1
dtls_null.cap (2.2 KB)
| Packets: 7 | Duration: 7s | Downloads: 2151 |
DTLS handshake with one application data packet.
Authentication with server certificate only.
NULL encryption is used to demonstrate the transmission of "TESTING"
stun2.cap (102 bytes)
| Packets: 1 | Duration: n/a | Downloads: 2512 |
Stun (2) Protocol. UDP Holepunching technique.
packet-c.cap (675.0 KB)
| Packets: 926 | Duration: 13s | Downloads: 5193 |
This is a packet capture from a SonicWall. We were troubleshooting DHCP packet flows. The SonicWall saw the DHCP Discover and Sent an Offer. We never saw the DHCP acknowledgement. In the adjacent core stacked switching we were running "debug ip dhcp server packets" we only saw discover packets from IP phones up to the SonicWall. For some reason the SonicWall could not let any other DHCP packets through or out of it INSIDE (LAN) interface. Even if we put an ANY-ANY ALC for that interface. We ended up having to replace the SonicWall and upload the configuration from the old SonicWall to the new one.
-Slaingod
IPv6_RTSP.cap (15.5 KB)
| Packets: 17 | Duration: 3s | Downloads: 3405 |
This capture contains IPv6_RTSP packets. Accessed IPv6 enabled RTSP server using 6in4 tunnel.
traceroute_MPLS.cap (3.3 KB)
| Packets: 29 | Duration: 3s | Downloads: 7923 |
DHCP_MessageType 10,11,12 and 13.cap (1.9 KB)
| Packets: 6 | Duration: 13s | Downloads: 6636 |
Access Concentrator/router queries lease for particular IP addresses using message type as "DHCP LEASE QUERY" and gets response as DHCP LEASE ACTIVE,LEASE UNASSIGNED and LEASE UNKNOWN.
Access Concenttrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33
iphttps.cap (12.4 KB)
| Packets: 83 | Duration: 38s | Downloads: 7112 |
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
WCCPv2.pcap.cap (2.8 KB)
| Packets: 15 | Duration: 27s | Downloads: 5043 |
WCCP communication captures between 7200 Router and a WCCP capable optimization device (In my case it is Riverbed's Stealhead 2050)
rpvstp-access.pcap.cap (3.7 KB)
| Packets: 49 | Duration: 77s | Downloads: 4756 |
Rapid per-VLAN spanning tree capture of an access port (without portfast), configured in VLAN 5.
LDP_Ethernet_FrameRelay.pcap.cap (2.1 KB)
| Packets: 14 | Duration: 7s | Downloads: 5212 |
LDP with pseudowire FEC elements (Ethernet and Frame-Relay DLCI-to-DLCI)
EoMPLS.cap (7.0 KB)
| Packets: 56 | Duration: 32s | Downloads: 5607 |
Routers at 1.1.2.1 and 1.1.2.2 are PEs in a MPLS cloud. LDP starts at packet 8 and they build up a pseudo-wire VC (last FEC in packets 11 and 13). At packet 15 we already have STP running between CE1 and CE2 (two routers with ESW), encapsulated in 2 MPLS headers. All the ethernet stuff follows: CDP, ARP, ICMP between two hosts on the same subnet.
DHCP_Inter_VLAN.cap (2.0 KB)
| Packets: 4 | Duration: n/a | Downloads: 5345 |
R1 is a router-on-a-stick. It receives a DHCP Discover on the trunk interface, it sets the "Relay agent IP address" to the sub-interface's IP address it received the packet on and, finally, it forwards it to the DHCP server. Capture perspective is R1-DHCP server link.
DHCP.cap (5.8 KB)
| Packets: 12 | Duration: 153s | Downloads: 6646 |
R0 is the client and R1 is the DHCP server. Lease time is 1 minute.
TDP.cap (2.8 KB)
| Packets: 33 | Duration: 47s | Downloads: 3288 |
P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.
SNMPv2c_get_requests.cap (894 bytes)
| Packets: 8 | Duration: n/a | Downloads: 3738 |
SNMPv2c get requests are issued from a manager to an SNMP agent in order to monitor the bandwidth utilization of an interface.
- Categories: Management
- Protocols: Ethernet, IP, SNMP, UDP
RIPv2_subnet_down.cap (1.3 KB)
| Packets: 10 | Duration: 86s | Downloads: 3791 |
RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv2.cap (1.7 KB)
| Packets: 12 | Duration: 141s | Downloads: 4248 |
A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv1_subnet_down.cap (1.0 KB)
| Packets: 8 | Duration: 58s | Downloads: 3150 |
RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RIPv1.cap (876 bytes)
| Packets: 6 | Duration: 65s | Downloads: 3540 |
A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.
- Categories: Routing Protocols
- Protocols: Ethernet, IP, RIP, UDP
RADIUS.cap (775 bytes)
| Packets: 4 | Duration: n/a | Downloads: 6050 |
A RADIUS authentication request is issued from a switch at 10.0.0.1 on behalf of an EAP client. The user authenticates via MD5 challenge with the username "John.McGuirk" and the password "S0cc3r".
- Categories: Authentication
- Protocols: Ethernet, IP, RADIUS, UDP
PIM-DM_pruning.cap (10.2 KB)
| Packets: 38 | Duration: 415s | Downloads: 3106 |
The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.
path_MTU_discovery.cap (6.2 KB)
| Packets: 8 | Duration: n/a | Downloads: 4597 |
Tracepath is used to determine the MTU of the path between hosts 192.168.0.2 and .1.2. Packet #6 contains an ICMP "fragmentation needed" message, indicating the MTU for that hop is 1400 bytes.
LDP_adjacency.cap (5.7 KB)
| Packets: 61 | Duration: 108s | Downloads: 4074 |
PE1 and P1 multicast LDP hellos to 224.0.0.2 on UDP port 646. They then establish an adjacency on TCP port 646 and exchange labels.
ISAKMP_sa_setup.cap (2.0 KB)
| Packets: 9 | Duration: n/a | Downloads: 4119 |
An ISAKMP session is established prior to setting up an IPsec tunnel. Phase one occurs in main mode, and phase two occurs in quick mode.
- Categories: Encryption
- Protocols: Ethernet, IP, ISAKMP, UDP
HSRP_failover.cap (3.0 KB)
| Packets: 39 | Duration: 47s | Downloads: 3442 |
R1 is the active router, R3 is the standby, and R2 is passive. R1 goes offline and R3 takes over as active after ten seconds. R2 is then promoted to the standby state.
- Categories: Cisco-proprietary, Redundancy
- Protocols: Ethernet, HSRP, IP, UDP
HSRP_election.cap (3.7 KB)
| Packets: 49 | Duration: 57s | Downloads: 3254 |
The Ethernet link shared by routers 1, 2, and 3 comes online. R1 wins the HSRP election because it has a priority of 200 (versus the default of 100 held by the other two routers). R3 becomes the standby router.
- Categories: Cisco-proprietary, Redundancy
- Protocols: Ethernet, HSRP, IP, UDP
HSRP_coup.cap (3.9 KB)
| Packets: 51 | Duration: 49s | Downloads: 2897 |
Initially only routers 3 (active) and 2 (standby) are online. R1 comes online with a priority higher than R3's. R1 takes over as the active router (the coup occurs in packet #22) almost immediately. R2 is bumped down to passive and R3 becomes the standby router.
- Categories: Cisco-proprietary, Redundancy
- Protocols: Ethernet, HSRP, IP, UDP
GLBP_election.cap (8.4 KB)
| Packets: 80 | Duration: 68s | Downloads: 2869 |
Routers 1, 2, and 3 participate in a GLBP election. R1 becomes the AVG due to having the highest priority (200), and R3 becomes the standby GLBP. All three routers become AVFs.
- Categories: Redundancy
- Protocols: Ethernet, GLBP, IP, UDP
Auto-RP.cap (726 bytes)
| Packets: 9 | Duration: 239s | Downloads: 3178 |
Routers 2 and 3 have been configured as candidate RPs, and multicast RP announcements to 239.0.1.39. Router 1 is the RP. R1 sees the candidate RP announcements from R2 and R3, and designates R3 the RP because it has a higher IP address (3.3.3.3). R1 multicasts the RP mapping to 224.0.1.40. The capture is from the R1-R2 link.
Viewing 1 - 30 of 30
- 1