What exactly you are looking for? Let us know the details and we will be able to help you.

-amit singh

I am looking for a packet capture of EGP and IGP, I am not concerned about what type of message they carry. I just need to see a capture. It has been nearly impossible for me to generate this traffic with packet crafting. I have also checked the RFCs.

Joshua,

Do you mean eBGP and iBGP? As far as I know EGP is not used by anybody anymore and has been withdrawn from IOS a while ago.

Hope this helps,

Hey, Yes this is my problem its very hard for me to find good detailed information due to them being replaced with BGP and EIGRP etc) So I have tried many resources and I figured this would be the place. I thought maybe someone may have a old router kicking around with a old IOS that could pull some PCAPs for me or even if someone had a legacy network with EGP.

Just as a clarification, EIGRP doesn't replace IGP, it is rather by definition an IGP itself.

Here's the dump for a few EGP messages:

Frame 69 (38 bytes on wire, 38 bytes captured)

Arrival Time: Nov 16, 2006 15:20:59.751170000

Time delta from previous packet: 6.160157000 seconds

Time since reference or first frame: 277.298408000 seconds

Frame Number: 69

Packet Length: 38 bytes

Capture Length: 38 bytes

Cisco HDLC

Address: Unicast (0x0f)

Protocol: IP (0x0800)

Internet Protocol, Src Addr: 192.168.12.1 (192.168.12.1), Dst Addr: 192.168.12.2 (192.168.12.2)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 34

Identification: 0x0077 (119)

Flags: 0x00

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset: 0

Time to live: 255

Protocol: EGP (0x08)

Header checksum: 0x2209 (correct)

Source: 192.168.12.1 (192.168.12.1)

Destination: 192.168.12.2 (192.168.12.2)

Data (14 bytes)

0000 0f 00 08 00 45 00 00 22 00 77 00 00 ff 08 22 09 ....E..".w....".

0010 c0 a8 0c 01 c0 a8 0c 02 02 03 00 00 fd 0b 00 01 ................

0020 00 00 00 3c 00 b4 ...<..

Frame 70 (38 bytes on wire, 38 bytes captured)

Arrival Time: Nov 16, 2006 15:20:59.770781000

Time delta from previous packet: 0.019611000 seconds

Time since reference or first frame: 277.318019000 seconds

Frame Number: 70

Packet Length: 38 bytes

Capture Length: 38 bytes

Cisco HDLC

Address: Unicast (0x0f)

Protocol: IP (0x0800)

Internet Protocol, Src Addr: 192.168.12.2 (192.168.12.2), Dst Addr: 192.168.12.1 (192.168.12.1)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 34

Identification: 0x003d (61)

Flags: 0x00

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset: 0

Time to live: 255

Protocol: EGP (0x08)

Header checksum: 0x2243 (correct)

Source: 192.168.12.2 (192.168.12.2)

Destination: 192.168.12.1 (192.168.12.1)

Data (14 bytes)

0000 0f 00 08 00 45 00 00 22 00 3d 00 00 ff 08 22 43 ....E..".=...."C

0010 c0 a8 0c 02 c0 a8 0c 01 02 03 01 02 fc 08 00 02 ................

0020 00 00 00 3c 00 b4 ...<..

Hope this helps,

Hey Thank you, I think it might do the trick.

Thank you.

Unfortunately, Ethereal doesn't seem to know hos to interpret the EGP packets.

I'm attaching a capture files with a bit more records.

Hope this helps,

This is going to sound so stupid, I think I crafted it right the whole time. I look at this cap and its exactly how I did it. I did not realize that ethereal could not properly read EGP. Good thing cause I was going to check the source of Ethereal and get the specs for EGP too. I really appreciate your time. Your the best!!