EIGRP Capture

And again: Here comes a pcapng capture taken for the dynamic routing protocol EIGRP. If you want to dig into EIGRP messages, download the trace file and browse around it with Wireshark. Since I used both Internet Protocols (IPv6 and legacy IP), MD5 authentication, route redistribution, etc., you can find many different messages in it.

This capture file represents my dual-stack EIGRP lab from my previous blogpost. I captured it using my ProfiShark 1G portable TAP at R2’s fa0/1 interface. Here it is (zipped):

For both Internet protocols the neighborships are formed separately. The two involved routers are: (Note that IPv6 uses link-local addresses.)

  • R2:  FE80::21A:6CFF:FEA1:2B99 and 192.168.127.1
  • R3:  FE80::214:69FF:FE9E:1140 and 192.168.127.2

Using Wireshark you can dive into the details, such as the MD5 authentication or the advertised routes for either IPv6 or legacy IP. Also note that EIGRP is no TCP/UDP protocol (hence no values in my Wireshark columns for source/destination port or TCP/UDP streams) but an own IP protocol with number 88, refer to the IANA Protocol Numbers.

For more posts about routing/switching you can follow the Routing” or “Switching” categories concerning various firewall/router vendors, or the “Cisco Router“/”Cisco Switch” tags for posts related to Cisco stuff.

Featured image “Cachalejos” by Rodrigo Tejeda is licensed under CC BY-NC-ND 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *