{"id":561,"date":"2013-02-04T12:01:02","date_gmt":"2013-02-04T11:01:02","guid":{"rendered":""},"modified":"2018-11-01T00:43:21","modified_gmt":"2018-10-31T23:43:21","slug":"parsing-ospf-packets-using-tcpdump","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/parsing-ospf-packets-using-tcpdump\/","title":{"rendered":"Parsing OSPF packets using tcpdump"},"content":{"rendered":"<p>\n\tSometimes we need to capture and parse OSPF packets for later analysis and have only a command line available, in my case on a Linux server running dynamips. We can use the <em>tcpdump<\/em> tool for this purpose; of course, several ways are available.<\/p>\n<p>\n\t<strong>Capturing OSPF packets on the fly<\/strong><\/p>\n<pre>\r\ntcpdump -i eth0 'ip[9] == 89'\r\n<\/pre>\n<p>\n\twhere 89 is the IP protocol number of OSPF, and the protocol field is the octet at offset 9 of the IP header. The filter is quoted so that the shell does not interpret the brackets.<\/p>\n<p>\n\tAnother way is:<\/p>\n<pre>\r\ntcpdump -i eth0 proto ospf<\/pre>\n<p>\n\t<strong>Writing captured packets to a file<\/strong><\/p>\n<pre>\r\ntcpdump -i eth0 proto ospf <strong>-w<\/strong> example.cap<\/pre>\n<p>\n\t<strong>Reading OSPF packets from a file<\/strong><\/p>\n<p>\n\tWe need the &quot;-r&quot; switch:<\/p>\n<pre>\r\ntcpdump <strong>-r <\/strong>example.cap proto ospf<\/pre>\n<p>\n\twhere the output will look like:<\/p>\n<pre>\r\nreading from file example.cap, link-type EN10MB (Ethernet)\r\n11:15:45.372823 IP 172.16.21.1 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:15:45.440657 IP 172.16.21.2 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:15:55.400764 IP 172.16.21.1 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:15:55.437823 IP 172.16.21.2 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:16:05.399377 IP 172.16.21.1 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:16:05.436417 IP 172.16.21.2 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:16:15.371454 IP 172.16.21.1 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n11:16:15.439414 IP 172.16.21.2 
&gt; ospf-all.mcast.net: OSPFv2, Hello, length 60\r\n<\/pre>\n<p>\n\tIf we need to print all the packet info, try:<\/p>\n<pre>\r\ntcpdump -v -r example.cap proto ospf<\/pre>\n<p>\n\tand we should be able to see the OSPF packet details:<\/p>\n<pre>\r\n11:15:45.372823 IP (tos 0xc0, ttl 1, id 303, offset 0, flags [none], proto OSPF (89), length 80)\r\n    172.16.21.1 &gt; ospf-all.mcast.net: OSPFv2, Hello, length 60 [len 48]\r\n        Router-ID 192.168.1.1, Backbone Area, Authentication Type: none (0)\r\n        Options [External, LLS]\r\n          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 1\r\n          Designated Router 172.16.21.2, Backup Designated Router 172.16.21.1\r\n          Neighbor List:\r\n            192.168.1.2\r\n          LLS: checksum: 0xfff6, length: 3\r\n            Extended Options (1), length: 4\r\n              Options: 0x00000001 [LSDB resync]<\/pre>\n<p>\n\t<strong>Note<\/strong>:<\/p>\n<p>\n\t-i defines the capturing interface,<\/p>\n<p>\n\t-r reads from a file,<\/p>\n<p>\n\t-v be verbose,<\/p>\n<p>\n\t-vv be very verbose.<\/p>","protected":false},"excerpt":{"rendered":"<p>\n\tSometimes we need to capture and parse OSPF packets for later analysis and have only a command line available, in my case on a Linux server running dynamips. 
We can use the <em>tcpdump<\/em> tool for this purpose; of course, several ways are available.<\/p>\n<p>\n\t<strong>Capturing OSPF packets on the fly<\/strong><\/p>\n<pre>\r\ntcpdump -i eth0 'ip[9] == 89'\r\n<\/pre>\n<p>\n\twhere 89 is the IP protocol number of OSPF, and the protocol field is the octet at offset 9 of the IP header. The filter is quoted so that the shell does not interpret the brackets.<\/p>\n<p>\n\tAnother way is:<\/p>\n<pre>\r\ntcpdump -i eth0 proto ospf<\/pre>\n<p>\n\t<strong>Writing captured packets to a file<\/strong><\/p>","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[685,761],"tags":[],"class_list":["post-561","post","type-post","status-publish","format-standard","hentry","category-linux_-_howto-en","category-ospf-en"],"taxonomy_info":{"category":[{"value":685,"label":"Linux - HOWTO"},{"value":761,"label":"OSPF"}]},"featured_image_src_large":false,"author_info":{"display_name":"admin","author_link":"https:\/\/nil.uniza.sk\/en\/author\/admin\/"},"comment_info":9,"category_info":[{"term_id":685,"name":"Linux - HOWTO","slug":"linux_-_howto-en","term_group":0,"term_taxonomy_id":683,"taxonomy":"category","description":"","parent":0,"count":71,"filter":"raw","cat_ID":685,"category_count":71,"category_description":"","cat_name":"Linux - 
HOWTO","category_nicename":"linux_-_howto-en","category_parent":0},{"term_id":761,"name":"OSPF","slug":"ospf-en","term_group":0,"term_taxonomy_id":759,"taxonomy":"category","description":"","parent":759,"count":1,"filter":"raw","cat_ID":761,"category_count":1,"category_description":"","cat_name":"OSPF","category_nicename":"ospf-en","category_parent":759}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=561"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/561\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}