Tag Archives: ProfiShark

Basic IPv6 Messages (v2): Wireshark Captures

IPv6, Memorandum, , , , , , , , , , ,

In my IPv6 classes, I always teach the basic IPv6 messages as seen on the wire. There’s so much new stuff, such as Router Advertisements, Duplicate Address Detections, Neighbour Solicitations, and so on. Therefore, I’m using a rather simple packet capture showing the starting process of a client getting its addresses.

For the last 10 years, I used this capture, which I took on a Knoppix Linux along with a German Speedport router, in which SLAAC was used for getting the addresses. However, it turned out that in enterprise-grade networks, stateful DHCPv6 is used more commonly. Hence, I did it again and captured the very first IPv6 messages as seen on an IPv6 node, but this time on a Windows 11 PC and a Debian 13, along with stateful DHCPv6.

Continue reading Basic IPv6 Messages (v2): Wireshark Captures

Protocol Independent Multicast (PIM) Capture

Routing, , , , , , , , , , ,

You never stop learning. One topic that hadn’t crossed my path in the past decade is: Multicast. Whew. Alongside all the technical literature, online presentations, and various blog posts, I decided to approach it the classic way – through packet captures. ;)

So here’s a new part of the #UltimatePCAP, which contains quite a bit of PIM traffic, including Hello, Join/Prune, Register (via unicast!), and more. Of course, for IPv6 and legacy IP (IPv4). Let’s have a look:

Continue reading Protocol Independent Multicast (PIM) Capture

Don’t Trust Packet Captures on Firewalls

Packet Capture, , , ,

The other day, I was troubleshooting some network-related stuff, using the built-in Packet Capture on a Palo Alto Networks firewall. And while it did the job at a first glance, I stumbled upon some packets that were simply not correct, read: were not present on the Ethernet cable at all and/or were missing some content.

This proves again what the TAP vendors always claim: Don’t use internal packet captures / SPAN ports at all when you’re really serious about the truth. You MUST use network TAPs!

Continue reading Don’t Trust Packet Captures on Firewalls

Palo vs. PlayStation: How a Security Feature Blocked Our PlayStation Updates

Palo Alto Networks, , , , , ,

For a few weeks, our PlayStation stopped downloading game updates. I figured it was just a temporary issue with the PS4. Since it didn’t affect me directly but only the kids, I didn’t pay much attention at first. I planned to wait for a firmware update from Sony. When such an update eventually came but didn’t solve the issue, I started getting suspicious – especially when I found almost no relevant results online for the official error code, which reads “(HTTP Status Code : 416) (CE-40862-0)”.

After conducting further detailed searches, I finally came across a post in the Palo Alto Networks LIVEcommunity. That definitely caught my attention. If there’s one thing that sets my home network apart from most “normal” households, it’s the fact that I have a Palo Alto firewall running – not your average consumer-grade router. 😂

Continue reading Palo vs. PlayStation: How a Security Feature Blocked Our PlayStation Updates

Dual-Stack PPPoE on a FortiGate Firewall

Fortinet, Internet Access, IPv6, , , , , , ,

You can use a FortiGate to connect to the Internet (that is: Dual-Stack!) directly in various ways. In my current setup, I’m using a PPPoE residential xDLS connection. It’s not that easy to configure everything correctly since it requires the use of many different protocols such as PPPoE and PPPoEv6 (PPP IPV6CP) along with DHCPv6-PD. But here it is:

Continue reading Dual-Stack PPPoE on a FortiGate Firewall

Dual-Stack PPPoE on a Palo Alto Firewall

Internet Access, IPv6, Palo Alto Networks, , , , , , ,

If you want to establish an Internet connection (that is: IPv6 and IPv4) right away from your firewall through xDSL connections, you need quite some technologies: PPPoE and PPPoEv6 (PPP IPV6CP) along with DHCPv6-PD. Fortunately, with PAN-OS 11.0 and 11.1, those missing IPv6 links were finally added by PANW to their Strata firewalls. (I have been awaiting them since 2015!)

So, here it is: Connecting a Palo through an xDSL modem to a residential ISP:

Continue reading Dual-Stack PPPoE on a Palo Alto Firewall

Verbindungsaufbau Deutsche Glasfaser

DHCP/DHCPv6, Internet Access, IPv6, Memorandum, , , , , , , , ,

Als netzwerktechnisches Spielkind beschäftige ich mich nicht nur mit den Netzwerken großer Firmenumgebungen, sondern auch mit meinem eigenen Anschluss daheim. Vor vielen Jahren habe ich dem echten Dual-Stack Anschluss der Deutschen Telekom mal auf die Finger geguckt – heute ist die Variante der Deutschen Glasfaser an der Reihe, welches zwar ein Dual Stack, aber ohne eigene öffentliche IPv4 Adresse ist. Quasi ein halbes DS-Lite. Kernfrage für mich war: Kann ich die Fritzbox (mit ihren mitgelieferten Presets für verschiedene ISPs) durch eine echte Enterprise-Firewall ersetzen, die ja leider nicht unbedingt alle Sprecharten wie PPPoE im Subinterface oder PPP IPv6CP unterstützen.

TL;DR: DHCP, DHCPv6-PD, RA.

Continue reading Verbindungsaufbau Deutsche Glasfaser

Stateful DHCPv6 Capture (along with Relaying)

DHCP/DHCPv6, IPv6, , , , , , ,

For my IPv6 training classes, I was missing a capture of a stateful DHCPv6 address assignment. That is: M-flag within the RA, followed by DHCPv6 messages handing out an IPv6 address among others. Therefore, I set up a DHCPv6 server on an Infoblox grid and furthermore used a Palo Alto NGFW as a DHCPv6 relay to it. I captured on two points: from the client’s point of view (getting to the relay) and from the server’s point of view (unicast messages from the relay). And since I was already there anyway, I additionally captured the same process for DHCPv4. So, here we go:

Continue reading Stateful DHCPv6 Capture (along with Relaying)

Capturing – because I can: IS-IS, GLBP, VRRP

Cisco Systems, Network, Routing, , , , , , , ,

I am constantly trying to add more protocols to the Ultimate PCAP. Hence I used some time in my (old) Cisco lab to configure and capture the following protocols: IS-IS, GLBP, and VRRP. And since Alexis La Goutte sent me some CAPWAP traffic, this protocol is also added. All packets are now found in another update of the Ultimate PCAP. Here are some details:

Continue reading Capturing – because I can: IS-IS, GLBP, VRRP

Incorrect Working IPv6 NTP Clients/Networks

IPv6, NTP, , , , , , , ,

During my analysis of NTP and its traffic to my NTP servers listed in the NTP Pool Project I discovered many ICMP error messages coming back to my servers such as port unreachables, address unreachables, time exceeded or administratively prohibited. Strange. In summary, more than 3 % of IPv6-enabled NTP clients failed in getting answers from my servers. Let’s have a closer look:

Continue reading Incorrect Working IPv6 NTP Clients/Networks

My Network Gadgets

Memorandum, Network, Packet Capture, Profitap, , , , , , , , , , , , , ,

This post is not about software but hardware tools for network admins. Which network gadgets am I using during my daily business? At least three, namely the Airconsole, the Pockethernet and the ProfiShark, which help me in connecting to serial ports, testing basic network connectivity, and capturing packets in a high professional way. Come in and have a look at how I’m working.

Continue reading My Network Gadgets

EIGRP Capture

Cisco Systems, IPv6, Routing, , , , , , , , ,

And again: Here comes a pcapng capture taken for the dynamic routing protocol EIGRP. If you want to dig into EIGRP messages, download the trace file and browse around it with Wireshark. Since I used both Internet Protocols (IPv6 and legacy IP), MD5 authentication, route redistribution, etc., you can find many different messages in it.

Continue reading EIGRP Capture

OSPFv3 with IPsec Authentication

Authentication, Cisco Systems, IPsec/VPN, IPv6, Routing, , , , , , , , , , , , , ,

Here comes a small lab consisting of three Cisco routers in which I used OSPFv3 for IPv6 with IPsec authentication. I am listing the configuration commands and some show commands. Furthermore, I am publishing a pcapng file so that you can have a look at it with Wireshark by yourself.

Continue reading OSPFv3 with IPsec Authentication

OSPFv2 Capture

Authentication, Cisco Systems, Routing, , , , , , , , ,

I already had an OSPFv2 for IPv4 lab on my blog. However, I missed capturing a pcap file in order to publish it. So, here it is. Feel free to have a look at another small lab with three Cisco routers and OSPFv2. Just another pcapng file to practise some protocol and Wireshark skills.

Continue reading OSPFv2 Capture