Categories
Protocols
RSS Feed

Keep up with the latest captures by subscribing to the RSS feed.

Leech

To download all captures, point your download manager to the leech page.

More Captures
All captures
Viewing 1 - 20 of 69 captures
1 | 2 | 3 | 4 | Next »

IPv6_NDP.cap (2.1 KB)

Packets: 20 Avg Size: 90 bytes Duration: 40.6 sec
Data Rate: 0.35 Kbps Added: 26 Aug 2008 Downloads: 26

Neighbor Discovery Protocol (NDP) uses ICMPv6 to perform duplicate address detection and address resolution. Also includes multicast listener reports.

path_MTU_discovery.cap (6.2 KB)

Packets: 8 Avg Size: 780 bytes Duration: 0.0 sec
Data Rate: 12820.21 Kbps Added: 14 Aug 2008 Downloads: 166

Tracepath is used to determine the MTU of the path between hosts 192.168.0.2 and .1.2. Packet #6 contains an ICMP "fragmentation needed" message, indicating the MTU for that hop is 1400 bytes.

802.1w_rapid_STP.cap (2.2 KB)

Packets: 30 Avg Size: 60 bytes Duration: 56.2 sec
Data Rate: 0.25 Kbps Added: 10 Aug 2008 Downloads: 86

Rapid Spanning Tree Protocol BPDUs are received from a Catalyst switch after connecting to a port not configured for PortFast. The port transitions through the blocking and learning states before issuing a topology change notification (packet #30) and transitioning to the forwarding state.

PPP_TCP_compression.cap (1.5 KB)

Packets: 43 Avg Size: 18 bytes Duration: 2.9 sec
Data Rate: 2.06 Kbps Added: 5 Aug 2008 Downloads: 75

A telnet session is established to 191.1.13.3 across a PPP link performing TCP header compression. The user at 191.1.13.1 logs in with the password "cisco" and terminates the connection.

802.1X.cap (498 bytes)

Packets: 7 Avg Size: 52 bytes Duration: 19.3 sec
Data Rate: 0.15 Kbps Added: 2 Aug 2008 Downloads: 211

A wired client authenticates to its switch using 802.1x/EAP and MD5 challenge authentication.

RADIUS.cap (775 bytes)

Packets: 4 Avg Size: 172 bytes Duration: 0.0 sec
Data Rate: 122.31 Kbps Added: 2 Aug 2008 Downloads: 188

A RADIUS authentication request is issued from a switch at 10.0.0.1 on behalf of an EAP client. The user authenticates via MD5 challenge with the username "John.McGuirk" and the password "S0cc3r".

TDP.cap (2.8 KB)

Packets: 33 Avg Size: 70 bytes Duration: 47.5 sec
Data Rate: 0.38 Kbps Added: 27 Jul 2008 Downloads: 82

P2 and PE2 exchange Tag Distribution Protocol hellos and form an adjacency over TCP port 711.

mGRE_ICMP.cap (3.7 KB)

Packets: 24 Avg Size: 139 bytes Duration: 10.1 sec
Data Rate: 2.59 Kbps Added: 22 Jul 2008 Downloads: 172

R2 begins sending ICMP traffic to R4, but it currently only has a GRE tunnel open to R1. The first two ICMP requests (packets #1 and #4) are routed through R1 while R2 sends an NHRP request to R1 for R4's spoke address. Once a GRE tunnel is dynamically built between spoke routers R2 and R4, R2 begins routing the ICMP traffic directly to R4. Capture perspective from the R2-R5 link.

NHRP_registration.cap (648 bytes)

Packets: 4 Avg Size: 140 bytes Duration: 0.0 sec
Data Rate: 121.60 Kbps Added: 22 Jul 2008 Downloads: 69

R2 registers a multipoint GRE tunnel with R1. Capture perspective from the R1-R5 link.

MPLS_encapsulation.cap (1.3 KB)

Packets: 10 Avg Size: 116 bytes Duration: 0.3 sec
Data Rate: 26.50 Kbps Added: 15 Jul 2008 Downloads: 156

Capture taken from the PE1-P1 link. ICMP traffic between CE1 and CE2 is encapsulated outbound with MPLS label 18. Note that returning traffic is not labeled, due to penultimate hop popping (PHP).

LDP_adjacency.cap (5.7 KB)

Packets: 61 Avg Size: 80 bytes Duration: 108.0 sec
Data Rate: 0.35 Kbps Added: 15 Jul 2008 Downloads: 109

PE1 and P1 multicast LDP hellos to 224.0.0.2 on UDP port 646. They then establish an adjacency on TCP port 646 and exchange labels.

MSDP.cap (4.1 KB)

Packets: 35 Avg Size: 105 bytes Duration: 391.3 sec
Data Rate: 0.07 Kbps Added: 6 Jul 2008 Downloads: 97

R2 and R3 become MSDP peers and exchange keepalives. A multicast source 172.16.40.10 begins sending traffic to group 239.123.123.123, and R2 begins sending periodic source active messages to R3. Capture perspective is the R2-R3 link.

PIMv2_bootstrap.cap (712 bytes)

Packets: 8 Avg Size: 70 bytes Duration: 184.1 sec
Data Rate: 0.02 Kbps Added: 6 Jul 2008 Downloads: 80

Router 1 is the BSR and routers 2 and 3 are candidate RPs with the default priority of 0. R1 collects the RP advertisement unicasts from R2 and R3 and combines them in a bootstrap multicast to all PIM routers. Capture perspective is the R1-R3 link.

Auto-RP.cap (726 bytes)

Packets: 9 Avg Size: 62 bytes Duration: 239.3 sec
Data Rate: 0.02 Kbps Added: 5 Jul 2008 Downloads: 112

Routers 2 and 3 have been configured as candidate RPs, and multicast RP announcements to 239.0.1.39. Router 1 is the RP. R1 sees the candidate RP announcements from R2 and R3, and designates R3 the RP because it has a higher IP address (3.3.3.3). R1 multicasts the RP mapping to 224.0.1.40. The capture is from the R1-R2 link.

PIM-SM_join_prune.cap (3.8 KB)

Packets: 47 Avg Size: 67 bytes Duration: 472.9 sec
Data Rate: 0.05 Kbps Added: 5 Jul 2008 Downloads: 87

A host on R4's 172.16.20.0/24 subnet requests to join the 239.123.123.123 group. R4 sends a PIMv2 join message up to the RP (R1). Subsequent join messages are sent every 30 seconds, until R4 determines it no longer has any interested hosts and sends a prune request (packet #45). PIMv1 RP-Reachable messages for the group are also visible from R1.

mtrace.cap (238 bytes)

Packets: 2 Avg Size: 91 bytes Duration: 0.0 sec
Data Rate: 59.05 Kbps Added: 5 Jul 2008 Downloads: 76

mtrace 172.16.40.1 172.16.20.1 is issued on R1 to trace the RPF path from R4's 172.16.20.0/24 subnet to R1's 172.16.40.0/24 subnet. The capture is taken on the R1-R3 link.

mrinfo_query.cap (182 bytes)

Packets: 2 Avg Size: 63 bytes Duration: 0.0 sec
Data Rate: 122.85 Kbps Added: 5 Jul 2008 Downloads: 67

mrinfo 2.2.2.2 is issued on R1. DVMRPv3 is used to query R2 for its multicast interfaces.

PIM-DM_pruning.cap (10.2 KB)

Packets: 38 Avg Size: 258 bytes Duration: 415.0 sec
Data Rate: 0.18 Kbps Added: 4 Jul 2008 Downloads: 75

The multicast source at 172.16.40.10 begins sending traffic to the group 239.123.123.123, and PIM-DM floods the traffic down the tree. R4 has no group members, and prunes itself from the tree. R2 and R3 then realize they have no members, and each prunes itself from the tree. The capture shows R2 receiving the multicast traffic flooded from R1 and subsequently pruning itself every three minutes.

PIMv2_hellos.cap (528 bytes)

Packets: 6 Avg Size: 68 bytes Duration: 63.2 sec
Data Rate: 0.05 Kbps Added: 4 Jul 2008 Downloads: 75

Routers 1 and 2 exchange PIMv2 hello packets.

IGMPv2_query_and_report.cap (438 bytes)

Packets: 6 Avg Size: 53 bytes Duration: 125.5 sec
Data Rate: 0.02 Kbps Added: 4 Jul 2008 Downloads: 98

R1 issues IGMPv2 general membership queries to the 172.16.40.0/24 segment every 60 seconds. A host replies to each query reporting it belongs to the multicast group 239.255.255.250.

Viewing 1 - 20 of 69 captures
1 | 2 | 3 | 4 | Next »