Packet Captures
gmail.pcapng.cap 508.6 KB
Submitted Aug 7, 2014 by tmuhimbisemoses
Sample packet capture I created during an attempt to view login details.
ARP DHCPV6 DNS HTTP IP IPv6 NBNS SSL TCP TEREDO UDP
Packets: 793 | Duration: 32s | Downloads: 9585 |
cflow.cap 782 bytes
Submitted Aug 7, 2014 by jabbs0n
Netflow v9 packet containing template as well as data set
Packets: 1 | Duration: n/a | Downloads: 3384 |
Open Network Connection.pcapng.cap 26.8 KB
Submitted Jul 2, 2014 by correia_ramos
Open Network Connection
ARP DNS HTTP IP MEDIA NBDGM NBNS NTP SMB TCP UDP XML
Packets: 116 | Duration: 387s | Downloads: 5016 |
address withdrawal ldp.pcapng.cap 716 bytes
Submitted Apr 25, 2014 by altafk
Label address withdrawal message. An LSR sends the label address withdrawal message to a peer when it wants to withdraw previously advertised labels to address mappings. See RFC 3036 for more details.
Packets: 1 | Duration: n/a | Downloads: 5845 |
mpls address label mapping.pcapng.cap 708 bytes
Submitted Apr 23, 2014 by altafk
MPLS address label mapping communication over TCP (here R6 to R5). In this packet we can see the address bound to that neighbor (R6) in the address list TLV. Also, the address and labels are encoded as TLV (type, length, value). We should remember that the transport address of the neighbor should be reachable, not the MPLS router ID, because the TCP handshake is done via the transport address and not the MPLS router ID. The address label mapping is exchanged once the TCP handshake is done.
Packets: 1 | Duration: n/a | Downloads: 6918 |
DNS Question & Answer.pcapng.cap 1.6 KB
Submitted Apr 16, 2014 by manjesh23
DNS Question and Answer
Packets: 2 | Duration: n/a | Downloads: 9730 |
bgp as confed sequence.pcapng.cap 432 bytes
Submitted Apr 4, 2014 by altafk
AS confederation sequence set in the BGP updates. Confederations are used to minimize the IBGP mesh between BGP speakers, but IBGP rules apply between EBGP sub-confederation peers. The AS confederation sequence is an ordered list of autonomous systems passed within confederations.
Packets: 1 | Duration: n/a | Downloads: 4630 |
bgp orf prefix advertisement.pcapng.cap 336 bytes
Submitted Apr 3, 2014 by altafk
BGP prefix list sent during route refresh when outbound route filtering is configured. Here we clearly see whether the prefix list is add or delete and permit or deny. Also, we can see the actual network/mask sent.
Packets: 1 | Duration: n/a | Downloads: 4768 |
bgp orf capabilty negotitation.pcapng.cap 328 bytes
Submitted Apr 3, 2014 by altafk
BGP outbound route filtering capabilities negotiation between BGP speakers, sent during route [Cisco PrefixList ORF-Type (128)].
Packets: 1 | Duration: n/a | Downloads: 4063 |
bgp med.pcapng.cap 364 bytes
Submitted Apr 2, 2014 by altafk
BGP metric value set to 242 (just a random value), used as a suggestion for a peer in a neighboring AS to influence incoming traffic.
Packets: 1 | Duration: n/a | Downloads: 4000 |
no-advertise community.pcapng.cap 420 bytes
Submitted Mar 31, 2014 by altafk
BGP update packet with no-advertise community set [Community:NO_ADVERTISE (0xffffff02)]. A BGP router telling its BGP peer not to advertise this route to any other peer, whether EBGP or IBGP.
Packets: 2 | Duration: n/a | Downloads: 3889 |
sflow.cap 1.8 KB
Submitted Oct 29, 2013 by hgsuttorp
SFLOW capture containing:
- counter sample packets
- flow sample packet
Packets: 9 | Duration: 109s | Downloads: 3552 |
snoop-working-ccm7.cap 203.0 KB
Submitted Jul 22, 2013 by earnestavathan
H323 Phone registering!!!
Packets: 191 | Duration: 1081s | Downloads: 5918 |
hdlc slarp.pcapng.cap 612 bytes
Submitted Jan 29, 2013 by altafk
We can have our serial interface automatically assign itself an IP address from the neighbor router, like DHCP for serial interfaces, which is called SLARP (Serial Line Address Resolution Protocol).
Here is a packet capture of SLARP and the router requesting the address and mask from the neighbor router. Also, the neighboring router responds with its own IP address and mask, and this router looks into the mask and assigns itself the next available IP address from the subnet.
Packets: 7 | Duration: 22s | Downloads: 3964 |
icmp fragmented.cap 106.4 KB
Submitted Aug 27, 2012 by altafk
Pinged google.com with the -l option in Windows, which allows us to set the data size of the packet.
A data size of 15000 bytes has been chosen, and we can see that it is fragmented through the network into a maximum data size of 1480 bytes in each packet.
We can also see the offset and identification fields set in the IP header.
Packets: 77 | Duration: 11s | Downloads: 9170 |
ospf over gre tunnel.cap 8.2 KB
Submitted Jun 13, 2012 by altafk
Configured OSPF over a GRE tunnel, in which packets are double tagged with an IP header; useful when there is no direct connection between the 2 routers but we still need to run OSPF.
Packets: 63 | Duration: 241s | Downloads: 16331 |
connection termination.cap 316 bytes
Submitted Jun 5, 2012 by altafk
This is a connection termination packet in which both the server and client send FIN & ACK to each other.
For details of how the connection is torn down by both client and server, see the link below.
http://www.firewall.cx/networking-topics/protocols/tcp/136-tcp-flag-options.html
Packets: 4 | Duration: n/a | Downloads: 11440 |
gratuitous arp hsrp.cap 480 bytes
Submitted May 16, 2012 by altafk
When a router takes the role of active in HSRP, it sends a gratuitous ARP in which the source MAC is 00:00:0c:07:ac:01; the switches update their MAC table for the newly learned MAC and start forwarding to that port.
Packets: 6 | Duration: 6s | Downloads: 12878 |
ospf simple password authentication.cap 766 bytes
Submitted May 14, 2012 by altafk
Simple password authentication in OSPF, in which we can see the password in clear text.
The auth type is also specified in the packet, which is simple password.
I have also found a very interesting article regarding MD5 auth mistakes made by many network engineers, the link to which is below.
http://packetlife.net/blog/2010/jun/1/ospfv2-authentication-confusion/
Packets: 7 | Duration: 60s | Downloads: 10355 |
icmp with record route option set.cap 1.2 KB
Submitted May 9, 2012 by altafk
Ping packet with the record route option set and the IP addresses of all outgoing and incoming interfaces along the path.
In that we can also see the position of the current pointer.
Packets: 10 | Duration: 2s | Downloads: 8980 |
dtls_null.cap 2.2 KB
Submitted May 5, 2012 by Kriki
DTLS handshake with one application data packet.
Authentication with server certificate only.
NULL encryption is used to demonstrate the transmission of "TESTING".
Packets: 7 | Duration: 7s | Downloads: 5559 |
MSTP_Intra-Region_BPDUs.cap 1.7 KB
Submitted May 1, 2012 by lobo
MSTP BPDUs captured on an intra-region root port.
00:1f:27:b4:7d:80 - CIST Root (is in another MSTP Region)
00:16:46:b5:8c:80 - CIST Regional Root, Root for Instance 0, 2
00:1e:f7:05:a8:80 - Root for Instance 1
Notice in frame 1 that 00:1e:f7:05:a8:80 uses 32768.00:16:46:b5:8c:80 (Regional Root BID) as bridge ID in the main STP header to make the region appear as a single bridge.
Packets: 10 | Duration: 10s | Downloads: 12865 |
IGMP_V1.cap 2.0 KB
Submitted Apr 2, 2012 by Emieeecy
All IGMP V1 requests: Query General, Join specific group
Packets: 27 | Duration: 259s | Downloads: 11785 |
IGMP_V2.cap 1.3 KB
Submitted Mar 27, 2012 by Emieeecy
All IGMP V2 requests: Query General, Query specific group, Join specific group, Leave specific group
Packets: 18 | Duration: 133s | Downloads: 16926 |
stun2.cap 102 bytes
Submitted Mar 2, 2012 by jello
Stun (2) Protocol. UDP Holepunching technique.
Packets: 1 | Duration: n/a | Downloads: 6405 |