Solved

Need to capture Rip v.1 traffic with WireShark.

Posted on 2014-12-29
7
186 Views
Last Modified: 2014-12-29
My company sells a network device that was developed many years ago that supports RIP v.1.  A customer is complaining that the device is responding to RIP v.1 broadcast even though he is not using RIP.  The customer is using WireShark.  We have created a new software version for this customer and removed RIP.  I’ve been asked to confirm that it no longer creates any RIP traffic.  I figured that this would be easy enough.  I planned on digging up an old router that uses RIP v.1 and put it on a network with our device and capture packets.  The problem is that I have not been able to capture any RIP traffic.  (I am not having a problem capturing with WireShark in general.) I am using an Adtran NetVanta 1224STR as my router; I turned on Rip v.1.  I’ve also tried plugging in several old consumer grade routers into the network that support RIP v.1 but I have not been able to capture any RIP traffic.

My lack of knowledge in this area should be evident at this point.  I need to capture a RIP v.1 broadcast coming from a router on the same network as our in house device.  Any help would be appreciated.
0
Comment
Question by:HankCash
  • 3
  • 2
  • 2
7 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 40521890
As long as your PC is on the same layer 2 network you should see the RIP broadcasts.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40521908
giltjr is spot on.  If both devices (your companies and the Netgear) are connected to the same network as your PC running Wireshark, you should see RIP packets.

But, if the Netgear isn't configured for RIP, then it won't send any RIP packets.  And since you've modified your device to not send RIP packets, that could explain why you're not seeing anything.
0
 

Author Comment

by:HankCash
ID: 40522113
Yes, it seems so simple but I have not seen any RIP packets.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40522196
On the NetVanta do you have at least two unique IP networks (say IPNET1 and IPNET2), that are two totally different classfull networks.

Is the L3 interface for the IP network (say IPNET1) you are on configured for RIP?
Is the RIP configured to broadcast IPNET2 through IPNET1?
0
 

Author Comment

by:HankCash
ID: 40522270
I only have one network configured. I will configure a second network and post back.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40522349
There's your problem. You need a second network (that is operational) to advertise.
0
 

Author Comment

by:HankCash
ID: 40522808
Thanks for replies.  Besides not having a second IP network, I also missed the part where I needed to explicitly identify the networks that I wanted RIP to broadcast.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now