Packet Captures
PIM_register_register-stop.cap 258 bytes
Submitted Sep 30, 2009 by pierky
Switch at 192.168.0.6 receives an IGMP request for the group 239.1.2.3, encapsulates the original IGMP packet in a PIM Register and sends it to the RP at 192.168.1.254. In packet #2 RP sends a Register-Stop to the switch.
Packets: 2 | Duration: n/a | Downloads: 10950 |
DHCP.cap 5.8 KB
Submitted Sep 29, 2009 by pierky
R0 is the client and R1 is the DHCP server. Lease time is 1 minute.
Packets: 12 | Duration: 153s | Downloads: 11468 |
VRRP_preempt.cap 1.2 KB
Submitted Sep 14, 2009
Initially R3 is the master, R2 is backup, and R1 is offline. R1 comes back online with a priority of 200, preempting R3 to become the master router.
Packets: 16 | Duration: 14s | Downloads: 11259 |
VRRP_failover.cap 2.4 KB
Submitted Sep 14, 2009
The master router (R1) goes offline. After the down interval passes (roughly 3 seconds), R3 takes over as the master router in packet #12. R2 also offers to take over but R3 wins because it has the higher IP address.
Packets: 32 | Duration: 33s | Downloads: 12035 |
UDLD.cap 3.3 KB
Submitted Sep 14, 2009
Unidirectional Link Detection (UDLD) is used to monitor the status of a link between a Catalyst 2960 and a Catalyst 3560. Note that echos are initially sent at very small intervals, gradually throttling back to the configured interval of 15 seconds.
Packets: 29 | Duration: 93s | Downloads: 10271 |
telnet.cap 9.4 KB
Submitted Sep 14, 2009
Telnetting from one router to another. Note that all communication is visible in clear text.
Packets: 74 | Duration: 10s | Downloads: 10029 |
TDP.cap 2.8 KB
Submitted Sep 14, 2009
P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.
Packets: 33 | Duration: 47s | Downloads: 6408 |
SSHv2.cap 11.4 KB
Submitted Sep 14, 2009
An SSH version 2 session between two routers. All communication is securely encrypted.
Packets: 90 | Duration: 7s | Downloads: 45567 |
SNMPv2c_get_requests.cap 894 bytes
Submitted Sep 14, 2009
SNMPv2c get requests are issued from a manager to an SNMP agent in order to monitor the bandwidth utilization of an interface.
Packets: 8 | Duration: n/a | Downloads: 8085 |
RIPv2_subnet_down.cap 1.3 KB
Submitted Sep 14, 2009
RIPv2 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #7. Capture perspective from R1's 10.0.0.1 interface.
Packets: 10 | Duration: 86s | Downloads: 8552 |
RIPv2.cap 1.7 KB
Submitted Sep 14, 2009
A RIPv2 router periodically flooding its database. Capture perspective from R1's 10.0.0.1 interface.
Packets: 12 | Duration: 141s | Downloads: 10402 |
RIPv1_subnet_down.cap 1.0 KB
Submitted Sep 14, 2009
RIPv1 routes are being flooded on the R1-R2 link. R2's connection to 192.168.2.0/24 goes down, and the route is advertised as unreachable (metric 16) in packet #5. Capture perspective from R1's 10.0.1.1 interface.
Packets: 8 | Duration: 58s | Downloads: 6518 |
RIPv1.cap 876 bytes
Submitted Sep 14, 2009
A RIPv1 router periodically flooding its database. Capture perspective from R1's 10.0.1.1 interface.
Packets: 6 | Duration: 65s | Downloads: 7673 |
RADIUS.cap 775 bytes
Submitted Sep 14, 2009
A RADIUS authentication request is issued from a switch at 10.0.0.1 on behalf of an EAP client. The user authenticates via MD5 challenge with the username "John.McGuirk" and the password "S0cc3r".
Packets: 4 | Duration: n/a | Downloads: 15696 |
PIMv2_hellos.cap 528 bytes
Submitted Sep 14, 2009
Routers 1 and 2 exchange PIMv2 hello packets.
Packets: 6 | Duration: 63s | Downloads: 9271 |
PIMv2_bootstrap.cap 712 bytes
Submitted Sep 14, 2009
Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.
Packets: 8 | Duration: 184s | Downloads: 7346 |
PIM-SM_join_prune.cap 3.8 KB
Submitted Sep 14, 2009
A host on R4's 172.16.20.0/24 subnet requests to join the 239.123.123.123 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.
Packets: 47 | Duration: 473s | Downloads: 11553 |
PIM-DM_pruning.cap 10.2 KB
Submitted Sep 14, 2009
The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.
Packets: 38 | Duration: 415s | Downloads: 7053 |
path_MTU_discovery.cap 6.2 KB
Submitted Sep 14, 2009
Tracepath is used to determine the MTU of the path between hosts 192.168.0.2 and .1.2. Packet #6 contains an ICMP "fragmentation needed" message, indicating the MTU for that hop is 1400 bytes.
Packets: 8 | Duration: n/a | Downloads: 13106 |
OSPF_with_MD5_auth.cap 4.6 KB
Submitted Sep 14, 2009
An OSPF adjacency is formed between two routers configured to use MD5 authentication.
Packets: 34 | Duration: 63s | Downloads: 7897 |
OSPF_type7_LSA.cap 3.6 KB
Submitted Sep 14, 2009
Area 10 is configured as a not-so-stubby area (NSSA). The capture records the adjacency formed between routers 2 and 3. The link state update in packet #11 includes several type 7 LSAs from R2. Capture perspective from R3's 10.0.10.1 interface.
Packets: 25 | Duration: 32s | Downloads: 9053 |
OSPF_LSA_types.cap 4.0 KB
Submitted Sep 14, 2009
Capture of adjacency formation between OSPF routers 4 and 5 in area 20. Packet #12 contains LSAs of types 1, 2, 3, 4, and 5.
Packets: 30 | Duration: 63s | Downloads: 12220 |
OSPF_broadcast_adjacencies.cap 8.4 KB
Submitted Sep 14, 2009
Three routers form OSPF adjacencies across a broadcast segment. All interface priorities are left default, so R3 (with the highest router ID) becomes the DR, and R2 (with the next-highest router ID) becomes the BDR. Capture perspective from R1.
Packets: 74 | Duration: 95s | Downloads: 9943 |
OSPFv3_with_AH.cap 10.7 KB
Submitted Sep 14, 2009
The adjacency between R1 and R2 in the 2001:db8:0:12::/64 subnet is configured with IPsec AH authentication. Note the inclusion of an IPsec AH header immediately following the IPv6 header of each OSPF packet.
Packets: 61 | Duration: 170s | Downloads: 8643 |
OSPFv3_broadcast_adjacency.cap 5.4 KB
Submitted Sep 14, 2009
Routers 1 and 2 form an OSPFv3 adjacency across their common Ethernet link (2001:db8:0:12::/64).
Packets: 38 | Duration: 70s | Downloads: 7492 |