Packet Captures
EIGRP_goodbye.cap 1.3 KB
Submitted Sep 14, 2009
R2 designates its interface facing R1 as passive. The final hello message from R2 (packet #9) has all its K values set to 255, designating the message as a "goodbye." Capture perspective is from R1's 10.0.0.1 interface.
Packets: 15 | Duration: 43s | Downloads: 7669 |
EIGRP_adjacency.cap 5.1 KB
Submitted Sep 14, 2009
Formation of an EIGRP adjacency between routers R1 and R2. Capture point is R1's 10.0.0.1 interface.
Packets: 53 | Duration: 104s | Downloads: 10287 |
EIGRPv2_subnet_transition.cap 5.3 KB
Submitted Sep 14, 2009
R4's 2001:db8:0:400::/64 subnet goes down, then comes back up roughly thirty seconds later. Capture perspective is from R1's 2001:db8:0:12::1 interface.
Packets: 49 | Duration: 65s | Downloads: 6243 |
EIGRPv2_adjacency.cap 4.1 KB
Submitted Sep 14, 2009
Routers 1 and 2 form an EIGRPv2 adjacency and exchange IPv6 routes.
Packets: 31 | Duration: 52s | Downloads: 8046 |
EBGP_adjacency.cap 2.7 KB
Submitted Sep 14, 2009
The external BGP adjacency between routers 1 and 2 is brought online and routes are exchanged. Keepalives are then exchanged every 60 seconds. Note that the IP TTL (normally 1) has been increased to 2 with ebgp-multihop to facilitate communication between the routers' loopback interfaces.
Packets: 24 | Duration: 182s | Downloads: 8162 |
DTP.cap 934 bytes
Submitted Sep 14, 2009
Dynamic Trunking Protocol (DTP) frames sent by a Catalyst 3560 every 60 seconds, both with and without ISL encapsulation.
Packets: 10 | Duration: 120s | Downloads: 8692 |
BGP_soft_reset.cap 2.0 KB
Submitted Sep 14, 2009
R1 performs a soft bidirectional reset (clear ip bgp soft) on its adjacency with R2. The ROUTE-REFRESH message is visible in packet #7. Note that the TCP connection remains uninterrupted, and neither router views the reset as disruptive.
Packets: 17 | Duration: 180s | Downloads: 6761 |
BGP_notification.cap 764 bytes
Submitted Sep 14, 2009
R1 has been misconfigured to expect R2 to reside in AS 65100. R2 attempts to peer with R1 advertising itself correctly in AS 65200. R1 issues a NOTIFICATION in packet #5 citing a "bad peer AS" error and terminates the TCP connection.
Packets: 9 | Duration: n/a | Downloads: 7022 |
BGP_hard_reset.cap 3.2 KB
Submitted Sep 14, 2009
A hard reset (clear ip bgp) is performed on R1 for its adjacency with R2. Packet #7 shows R1 sending a packet with the TCP FIN flag set, indicating the connection is to be torn down. The TCP connection is then reestablished and UPDATEs are retransmitted.
Packets: 32 | Duration: 208s | Downloads: 6656 |
BGP_AS_set.cap 1.6 KB
Submitted Sep 14, 2009
Packet #15 includes a BGP update containing both an AS sequence and an AS set in its AS path attribute.
Packets: 18 | Duration: 1s | Downloads: 7991 |
Auto-RP.cap 726 bytes
Submitted Sep 14, 2009
Routers 2 and 3 have been configured as candidate RPs, and multicast RP announcements to 239.0.1.39. Router 1 is the RP. R1 sees the candidate RP announcements from R2 and R3, and designates R3 the RP because it has a higher IP address (3.3.3.3). R1 multicasts the RP mapping to 224.0.1.40. The capture is from the R1-R2 link.
Packets: 9 | Duration: 239s | Downloads: 6365 |
802.1X.cap 498 bytes
Submitted Sep 14, 2009
A wired client authenticates to its switch using 802.1X/EAP and MD5 challenge authentication.
Packets: 7 | Duration: 19s | Downloads: 13780 |
802.1w_rapid_STP.cap 2.2 KB
Submitted Sep 14, 2009
Rapid Spanning Tree Protocol BPDUs are received from a Catalyst switch after connecting to a port not configured for PortFast. The port transitions through the blocking and learning states before issuing a topology change notification (packet #30) and transitioning to the forwarding state.
Packets: 30 | Duration: 56s | Downloads: 11492 |
802.1D_spanning_tree.cap 1.1 KB
Submitted Sep 14, 2009
IEEE 802.1D Spanning Tree Protocol (STP) advertisements sent every two seconds.
Packets: 14 | Duration: 26s | Downloads: 13646 |
3725_CDP.cap 390 bytes
Submitted Sep 14, 2009
Cisco Discovery Protocol (CDP) from FastEthernet0/0 of a Cisco 3725 router.
Packets: 1 | Duration: n/a | Downloads: 6443 |
3560_CDP.cap 1.2 KB
Submitted Sep 14, 2009
Cisco Discovery Protocol (CDP) advertisements from a Catalyst 3560. Note how much information is offered to a potential attacker.
Packets: 3 | Duration: 120s | Downloads: 7091 |