OSPF: Open Shortest Path First
layer 3 OSPF routing
Reversed Network Infrastructure from ospfV2 Hello messages
Contents
Introduction
Open Shortest Path First (OSPF) is an interior routing protocol based on Dijkstra’s algorithm.
Besides flow and packet information, the ospfDecode plugin also produces three extra summary files for version 2 (IPv4) and version 3 (IPv6). These summary files allow the reconstruction of the network under investigation.
Preparation
First, restore T2 into a pristine state by removing all unnecessary or older plugins from the plugin folder ~/.tranalyzer/plugins:
t2build -e -y
Are you sure you want to empty the plugin folder '/home/wurst/.tranalyzer/plugins' (y/N)? yes
Plugin folder emptied
Then compile the core (tranalyzer2) and the following plugins:
t2build tranalyzer2 basicFlow ospfDecode txtSink
...
BUILD SUCCESSFUL
If you did not create a separate data and results directory yet, please do it now in another bash window, that facilitates your workflow:
mkdir ~/data ~/results
The sample PCAPs for version and versions 2 and 3 used in this tutorial can be downloaded here:
- ospfv2 multi area pcap
- ospfV23_opftry.pcap (provided with the courtesy of Openfactory GmbH. So thanks from the Anteater!)
Please save them in your ~/data folder.
Now you are all set for analyzing OSPF traffic!
OSPF flow config
The configuration of ospfDecode allows you to define the representation of IPs, OSPF types in all files, or activate certain output. Let’s have a look.
ospfDecode
vi src/ospfDecode.h
...
/* ========================================================================== */
/* ------------------------ USER CONFIGURATION FLAGS ------------------------ */
/* ========================================================================== */
#define OSPF_OUTPUT_HLO 1 // output hello message file
#define OSPF_OUTPUT_DBD 1 // output database message file
#define OSPF_OUTPUT_MSG 1 // output all other message file
#define OSPF_OUTPUT_STATS 1 // output statistics file
#define OSPF_MASK_AS_IP 1 // Netmasks representation:
// 0: hex,
// 1: IPv4
#define OSPF_AREA_AS_IP 0 // Areas representation:
// 0: int,
// 1: IPv4,
// 2: hex
#define OSPF_LSID_AS_IP 1 // Link State ID representation:
// 0: int,
// 1: IPv4
#define OSPF_TYP_STR 1 // Message type representation:
// 0: aggregated hex bitfield
// 1: list of strings
#define OSPF_LSTYP_STR 1 // LS type representation:
// 0: int
// 1: string
#define OSPF_NEIGMAX 10 // Maximum number of neighbors to store
#define OSPF_NUMTYP 10 // Maximum number of LS types to store (require OSPF_TYP_STR == 1)
/* +++++++++++++++++++++ ENV / RUNTIME - conf Variables +++++++++++++++++++++ */
// Suffixes for output files
#define OSPF_SUFFIX "_ospfStats.txt"
#define OSPF_HELLO_SUFFIX "_ospfHello.txt" // OSPFv2/3 hello messages
#define OSPF_DBD_SUFFIX "_ospfDBD.txt" // OSPFv2/3 database description (routing tables)
#define OSPF_MSG_SUFFIX "_ospf2Msg.txt" // All other messages from OSPFv2 (Link State Request/Update/Ack)
#define OSPF3_MSG_SUFFIX "_ospf3Msg.txt" // All other messages from OSPFv3 (Link State Request/Update/Ack)
/* ========================================================================== */
/* ------------------------- DO NOT EDIT BELOW HERE ------------------------- */
/* ========================================================================== */
...The first three switches control the output of hello, database and message global files. If you switch them off, none will be generated.
These files contain vital information to reverse engineer the network and its operation.
If you are only interested in flow files, switch them off by setting the constants to 0.
The next three control the format of MASK, AREA and LSID numbers inf the said three files. The default is set to a standard representation. The LS type can be represented as integer or string.
Last, the number of neighbor and type output in the flow file can be configured.
You may reconfigure that with t2conf or just edit the file. We leave it at the default
value for this tutorial as we like to show all capabilities of the plugin.
Now run t2 on the pcap using the -s packet option.
t2 -r ~/data/ospfV2Multi.pcap -w ~/results/ -s
The end report status variables give an early indication of the content of the pcap at hand and whether errors have been detected.
tawk -V ospfStatThe ospfStat column is to be interpreted as follows: bit | ospfStat | Description ============================================================================= 0 | 0x01 | OSPF detected 1 | 0x02 | OSPFv2 message had invalid TTL (!= 0) 2 | 0x04 | OSPFv2 message had invalid destination 3 | 0x08 | OSPF message had invalid type 4 | 0x10 | OSPF unknown version 5 | 0x20 | - 6 | 0x40 | - 37 | 0x80 | OSPF message was malformed (snapped, covert channels?, ...)
The type bit field tells you about the completeness of your pcap and the origin of the sniffer. If here is something missing you expected, then you should first ask where in the network the traffic was acquired.
tawk -V ospfType=0x3e
The ospfType column with value 0x3e is to be interpreted as follows:
bit | ospfType | Description
=============================================================================
1 | 0x02 | OSPF Hello
2 | 0x04 | OSPF Database Description
3 | 0x08 | OSPF LS Request
4 | 0x10 | OSPF LS Update
5 | 0x20 | OSPF Acknowledge
In the results directory you find additional global files:
| _ospfStats.txt | OSPFv2&3: packet statistics for types and LS types |
| _ospfHello.txt | OSPFv2&3: Hello messages for network reversing |
| _ospfDBD.txt | OSPFv2&3: Database messages for troubleshooting and router info correlation |
| _ospf2Msg.txt | OSPFv2: LS Update messages necessary for correlation with Hello & DBD |
| _ospf3Msg.txt | OSPFv3: LS Update messages necessary for correlation with Hello & DBD |
Have a look into the directory this is how it looks like in the default configuration:
ls ~/results
ospfV2Multi_flows.txt ospfV2Multi_headers.txt ospfV2Multi_ospf2Msg.txt ospfV2Multi_ospf3Msg.txt ospfV2Multi_ospfDBD.txt ospfV2Multi_ospfHello.txt ospfV2Multi_ospfStats.txt ospfV2Multi_packets.txt
The global status file gives an overview about the occurrence of different OSPF versions, packet types and LS types. After some time you have a feeling for normal relative counts in your network. If that is off, then something is about to get wrong. As we have no OSPFv3 traffic, the report is empty.
cat ~/results/ospfV2Multi_ospfStats.txt
Number of OSPF packets: 206 [100.00%]
Number of OSPFv2 packets: 206 [100.00%]
Number of OSPFv2 multicast packets: 200 [97.09%]
Number of OSPFv2 packets with null authentication: 206 [100.00%]
OSPFv2 Link State Request / Update ratio: 0.000
OSPFv2 Link State Update / Acknowledgment ratio: 2.375
OSPFv3 Link State Request / Update ratio: 0.000
OSPFv3 Link State Update / Acknowledgment ratio: 0.000
# OSPFv2 Type Packets
Hello 179 [ 86.89%]
LSUp 19 [ 9.22%]
LSAck 8 [ 3.88%]
# OSPFv3 Type Packets
# OSPFv2 LS Type Count
Router_1 21
Network_2 7
# OSPFv3 LS Type CountThe flow file contains according to default config a list of important header and content; especially the password is interesting, if present. Source routers and neighbors are interesting if you do not want to look into the Hello file.
tcol ~/results/ospfV2Multi_flows.txt
%dir flowInd flowStat timeFirst timeLast duration numHdrDesc numHdrs hdrDesc srcMac dstMac ethType ethVlanID srcIP srcIPCC srcIPOrg srcPort dstIP dstIPCC dstIPOrg dstPort l4Proto ospfStat ospfVersion ospfType ospfLSType ospfAuType ospfAuPass ospfArea ospfSrcRtr ospfBkupRtr ospfNeighbors
A 11 0x0400000000004000 1191184701.968615 1191184707.448402 5.479787 1 3 eth:ipv4:ospf 00:11:21:3b:01:f8 00:11:21:3b:07:26 0x0800 192.168.10.6 07 "Private network" 0 192.168.10.5 07 "Private network" 0 89 0x01 2 DBD;LSReq;LSUp 0x0000000000000002 0x0001 0 192.168.10.10 0.0.0.0
B 11 0x0400000000004001 1191184701.970131 1191184707.108175 5.138044 1 3 eth:ipv4:ospf 00:11:21:3b:07:26 00:11:21:3b:01:f8 0x0800 192.168.10.5 07 "Private network" 0 192.168.10.6 07 "Private network" 0 89 0x01 2 DBD;LSReq;LSUp 0x0000000000000002 0x0001 0 192.168.10.5 0.0.0.0
A 10 0x0400000000004000 1191184701.928314 1191184720.791423 18.863109 1 3 eth:ipv4:ospf 00:11:21:3b:07:26 00:11:21:3a:f4:d2 0x0800 192.168.10.1 07 "Private network" 0 192.168.10.2 07 "Private network" 0 89 0x01 2 DBD;LSReq;LSUp 0x0000000000000006 0x0001 0 192.168.10.5 0.0.0.0
B 10 0x0400000000004001 1191184715.443857 1191184720.859486 5.415629 1 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 00:11:21:3b:07:26 0x0800 192.168.10.2 07 "Private network" 0 192.168.10.1 07 "Private network" 0 89 0x01 2 DBD;LSReq;LSUp 0x0000000000000002 0x0001 0 192.168.10.9 0.0.0.0
A 12 0x0400000000004000 1191184720.403377 1191184733.300394 12.897017 1 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 00:11:21:3b:01:f8 0x0800 192.168.9.1 07 "Private network" 0 192.168.9.2 07 "Private network" 0 89 0x01 2 DBD 0x0000000000000000 0x0001 0 192.168.10.9 0.0.0.0
B 12 0x0400000000004001 1191184733.291209 1191184733.298747 0.007538 1 3 eth:ipv4:ospf 00:11:21:3b:01:f8 00:11:21:3a:f4:d2 0x0800 192.168.9.2 07 "Private network" 0 192.168.9.1 07 "Private network" 0 89 0x01 2 DBD 0x0000000000000000 0x0001 0 192.168.10.10 0.0.0.0
A 13 0x0400000000004000 1191184720.479501 1191184733.381503 12.902002 1 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 00:11:21:3b:01:f8 0x0800 192.168.10.9 07 "Private network" 0 192.168.10.10 07 "Private network" 0 89 0x01 2 DBD 0x0000000000000000 0x0001 0 192.168.10.9 0.0.0.0
B 13 0x0400000000004001 1191184733.371293 1191184733.379527 0.008234 1 3 eth:ipv4:ospf 00:11:21:3b:01:f8 00:11:21:3a:f4:d2 0x0800 192.168.10.10 07 "Private network" 0 192.168.10.9 07 "Private network" 0 89 0x01 2 DBD 0x0000000000000000 0x0001 0 192.168.10.10 0.0.0.0
A 7 0x0400000000004000 1191184693.296123 1191185273.266108 579.969985 1 3 eth:ipv4:ospf 00:11:21:3b:01:f8 01:00:5e:00:00:05 0x0800 192.168.9.2 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp 0x0000000000000006 0x0001 0 192.168.10.10 192.168.9.1 192.168.10.9
A 8 0x0400000000004000 1191184693.336610 1191185273.310219 579.973609 1 3 eth:ipv4:ospf 00:11:21:3b:01:f8 01:00:5e:00:00:05 0x0800 192.168.10.6 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000006 0x0001 0 192.168.10.10 192.168.10.6 192.168.10.5
A 9 0x0400000000004000 1191184693.375943 1191185273.350306 579.974363 1 3 eth:ipv4:ospf 00:11:21:3b:01:f8 01:00:5e:00:00:05 0x0800 192.168.10.10 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000006 0x0001 0 192.168.10.10 192.168.10.9 192.168.10.9
A 4 0x0400000000004000 1191184675.408013 1191185275.379324 599.971311 1 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.9.1 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000006 0x0001 0 192.168.10.9 192.168.9.1 192.168.10.10
A 5 0x0400000000004000 1191184675.446905 1191185275.419432 599.972527 1 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.10.2 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000006 0x0001 0 192.168.10.9 192.168.10.1 192.168.10.5
A 6 0x0400000000004000 1191184675.483847 1191185275.455436 599.971589 1 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.10.9 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000002 0x0001 0 192.168.10.9 192.168.10.9 192.168.10.10
A 1 0x0400000000004000 1191184656.892601 1191185276.860545 619.967944 1 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.8.1 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello 0x0000000000000000 0x0001 0 192.168.10.5 0.0.0.0
A 2 0x0400000000004000 1191184656.930801 1191185276.900648 619.969847 1 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.1 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000006 0x0001 0 192.168.10.5 192.168.10.1 192.168.10.9
A 3 0x0400000000004000 1191184656.971069 1191185276.940664 619.969595 1 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.5 07 "Private network" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp;LSAck 0x0000000000000006 0x0001 0 192.168.10.5 192.168.10.6 192.168.10.10
...The packet file also contains information from the header so that one can track the messaging from packet to packet.
tcol ~/results/ospfV2Multi_packets.txt
%pktNo flowInd flowStat time pktIAT pktTrip flowDuration numHdrs hdrDesc ethVlanID srcMac dstMac ethType srcIP srcIPCC srcIPOrg srcPort dstIP dstIPCC dstIPOrg dstPort l4Proto ospfStat ospfVersion ospfArea ospfType ospfLSType l7Content
1 1 0x0400000000004000 1191184656.892601 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.8.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
2 2 0x0400000000004000 1191184656.930801 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
3 3 0x0400000000004000 1191184656.971069 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.5 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
4 1 0x0400000000004000 1191184666.889746 9.997145 0.000000 9.997145 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.8.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
5 2 0x0400000000004000 1191184666.929838 9.999037 0.000000 9.999037 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
6 3 0x0400000000004000 1191184666.969859 9.998790 0.000000 9.998790 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.5 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
7 4 0x0400000000004000 1191184675.408013 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.9.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
8 5 0x0400000000004000 1191184675.446905 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.10.2 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
9 6 0x0400000000004000 1191184675.483847 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.10.9 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
10 1 0x0400000000004000 1191184676.889265 9.999519 0.000000 19.996664 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.8.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
11 2 0x0400000000004000 1191184676.929454 9.999616 0.000000 19.998653 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(..........\n\t............
12 3 0x0400000000004000 1191184676.969376 9.999517 0.000000 19.998306 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.5 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
13 4 0x0400000000004000 1191184685.404754 9.996741 0.000000 9.996741 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.9.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
14 5 0x0400000000004000 1191184685.444969 9.998064 0.000000 9.998064 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.10.2 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(..........\n.............
15 6 0x0400000000004000 1191184685.481082 9.997235 0.000000 9.997235 3 eth:ipv4:ospf 00:11:21:3a:f4:d2 01:00:5e:00:00:05 0x0800 192.168.10.9 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
16 1 0x0400000000004000 1191184686.888787 9.999522 0.000000 29.996185 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.8.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
17 2 0x0400000000004000 1191184686.928885 9.999431 0.000000 29.998083 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.1 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(..........\n\t............
18 3 0x0400000000004000 1191184686.968900 9.999524 0.000000 29.997831 3 eth:ipv4:ospf 00:11:21:3b:07:26 01:00:5e:00:00:05 0x0800 192.168.10.5 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
19 7 0x0400000000004000 1191184693.296123 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 00:11:21:3b:01:f8 01:00:5e:00:00:05 0x0800 192.168.9.2 07 Private network 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(....................
...Now we go into more detail.
Network info and reversing with global hello type files
The special global files contain more information than the flow and packet files, as they can be used to extract architectural and troubleshooting information.
tcol ~/results/ospfV2Multi_ospfHello.txt
NumPkts Ver AreaID SrcOSPRtr SrcIP Netmask Network IntID RtrPrio Opt HelloInt RtrDInt DRtr BkupRtr NumNeigh Neighbors
1 2 0 192.168.10.5 192.168.8.1 255.255.255.0 192.168.8.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 0
2 2 0 192.168.10.5 192.168.10.1 255.255.255.252 192.168.10.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 0
...
26 2 0 192.168.10.5 192.168.10.1 255.255.255.252 192.168.10.0 - 1 0x00000012 10 40 192.168.10.2 192.168.10.2 1 192.168.10.9
27 2 0 192.168.10.5 192.168.10.5 255.255.255.252 192.168.10.4 - 1 0x00000012 10 40 192.168.10.5 0.0.0.0 1 192.168.10.10
43 2 0 192.168.10.10 192.168.9.2 255.255.255.0 192.168.9.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.9
44 2 0 192.168.10.10 192.168.10.6 255.255.255.252 192.168.10.4 - 1 0x00000012 10 40 192.168.10.5 192.168.10.6 1 192.168.10.5
45 2 0 192.168.10.10 192.168.10.10 255.255.255.252 192.168.10.8 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.9
48 2 0 192.168.10.9 192.168.9.1 255.255.255.0 192.168.9.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.10
49 2 0 192.168.10.9 192.168.10.2 255.255.255.252 192.168.10.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.5
50 2 0 192.168.10.9 192.168.10.9 255.255.255.252 192.168.10.8 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.10
51 2 0 192.168.10.5 192.168.8.1 255.255.255.0 192.168.8.0 - 1 0x00000012 10 40 192.168.8.1 0.0.0.0 0
52 2 0 192.168.10.5 192.168.10.1 255.255.255.252 192.168.10.0 - 1 0x00000012 10 40 192.168.10.2 192.168.10.2 1 192.168.10.9
54 2 0 192.168.10.5 192.168.10.5 255.255.255.252 192.168.10.4 - 1 0x00000012 10 40 192.168.10.5 192.168.10.6 1 192.168.10.10
60 2 0 192.168.10.10 192.168.9.2 255.255.255.0 192.168.9.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.9
61 2 0 192.168.10.10 192.168.10.6 255.255.255.252 192.168.10.4 - 1 0x00000012 10 40 192.168.10.5 192.168.10.6 1 192.168.10.5
62 2 0 192.168.10.10 192.168.10.10 255.255.255.252 192.168.10.8 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.9
63 2 0 192.168.10.9 192.168.9.1 255.255.255.0 192.168.9.0 - 1 0x00000012 10 40 192.168.9.2 192.168.9.2 1 192.168.10.10
65 2 0 192.168.10.9 192.168.10.2 255.255.255.252 192.168.10.0 - 1 0x00000012 10 40 192.168.10.2 192.168.10.1 1 192.168.10.5
76 2 0 192.168.10.9 192.168.10.9 255.255.255.252 192.168.10.8 - 1 0x00000012 10 40 192.168.10.10 192.168.10.10 1 192.168.10.10
82 2 0 192.168.10.5 192.168.8.1 255.255.255.0 192.168.8.0 - 1 0x00000012 10 40 192.168.8.1 0.0.0.0 0
83 2 0 192.168.10.5 192.168.10.1 255.255.255.252 192.168.10.0 - 1 0x00000012 10 40 192.168.10.2 192.168.10.1 1 192.168.10.9
84 2 0 192.168.10.5 192.168.10.5 255.255.255.252 192.168.10.4 - 1 0x00000012 10 40 192.168.10.5 192.168.10.6 1 192.168.10.10
94 2 0 192.168.10.10 192.168.9.2 255.255.255.0 192.168.9.0 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.9
95 2 0 192.168.10.10 192.168.10.6 255.255.255.252 192.168.10.4 - 1 0x00000012 10 40 192.168.10.5 192.168.10.6 1 192.168.10.5
98 2 0 192.168.10.10 192.168.10.10 255.255.255.252 192.168.10.8 - 1 0x00000012 10 40 0.0.0.0 0.0.0.0 1 192.168.10.9
99 2 0 192.168.10.9 192.168.9.1 255.255.255.0 192.168.9.0 - 1 0x00000012 10 40 192.168.9.2 192.168.9.2 1 192.168.10.10
...Version 2 allows the network reversing by just reading the Hello information. To that effect the Anteater provided scripts for you
ospfDecode
cd scripts
ls
dbd rospf
Hello messages can be used to discover the network topology.
Using the rospf script, a network topology summary and graphical layout will be produced:
./rospf -h
Usage:
rospf [OPTION...] <FILE_ospfHello.txt>
Optional arguments:
-p, --plot display a map of the network with dotty/xdot
-D, --no-dot do not save the map of the network as a '.dot' file
-G, --no-png do not save the map of the network as a '.png' file
-h, --help display this help, then exit
Name Area Network NET0 0 192.168.8.0/24 NET1 0 192.168.9.0/24 NET2 0 192.168.10.0/30 NET3 0 192.168.10.4/30 NET4 0 192.168.10.8/30 Router Interface_n Network_n R0 192.168.10.10 NET4 192.168.10.6 NET3 192.168.9.2 NET1 R1 192.168.10.5 NET3 192.168.10.1 NET2 192.168.8.1 NET0 R2 192.168.10.9 NET4 192.168.10.2 NET2 192.168.9.1 NET1 Router Connected Routers R0 R1 R2 R1 R0 R2 R2 R0 R1 Saved '/home/wurst/results/ospfV2Multi_ospfHello.dot' Successfully generated '/home/wurst/results/ospfV2Multi_ospfHello.png'
Over time we will add more details
Network info and reversing with global database type files
Apply the dbd script to the resulting *_ospfDBD.txt* file and you have your familiar
Cisco output to the command: show ip ospf database
./dbd -h
Usage:
dbd [OPTION...] <FILE_ospfDBD.txt>
Optional arguments:
-h display this help, then exit./dbd ~/results/ospfV2Multi_ospfDBD.txt
tcol ~/results/ospfV2Multi_ospfDBD.txtOSPF Router with ID (192.168.10.10) Router Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum 192.168.10.10 192.168.10.10 30 0x80000002 0x2d0b 192.168.10.5 192.168.10.5 18 0x80000003 0x8b47 192.168.10.9 192.168.10.9 18 0x80000002 0x92ae Net Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum 192.168.10.2 192.168.10.9 19 0x80000001 0x094d 192.168.10.5 192.168.10.5 31 0x80000001 0x2135 Summary Net Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum EMPTY OSPF Router with ID (192.168.10.5) Router Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum 192.168.10.10 192.168.10.10 12 0x80000002 0x2d0b 192.168.10.5 192.168.10.5 12 0x80000002 0xf754 Net Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum 192.168.10.5 192.168.10.5 12 0x80000001 0x2135 Summary Net Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum EMPTY OSPF Router with ID (192.168.10.9) Router Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum 192.168.10.10 192.168.10.10 31 0x80000002 0x2d0b 192.168.10.5 192.168.10.5 17 0x80000003 0x8b47 192.168.10.9 192.168.10.9 17 0x80000002 0x92ae Net Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum 192.168.10.2 192.168.10.9 17 0x80000001 0x094d 192.168.10.5 192.168.10.5 30 0x80000001 0x2135 Summary Net Link States (Area 0) LSLinkID ADVRouter Age Seq# Checksum EMPTY
So you do not need to log into your routers anymore :-)
The message file is separated into version 2 and 3 as the format of the headers and the content is different. Below is an excerpt for the message file of our pcap.
tcol ~/results/ospfV2Multi_ospf2Msg.txt
NumPkts Ver Area MsgType LSType SrcIP LSLinkID Netmask_RouterIPs ADVRouter LSAOpt LnkType Metric IfaceType LSFlgs
33 2 0 LSReq Router_1 192.168.10.6 192.168.10.5 192.168.10.5
35 2 0 LSReq Router_1 192.168.10.5 192.168.10.10 192.168.10.10
36 2 0 LSUp Router_1 192.168.10.5 192.168.10.4 255.255.255.252 192.168.10.5 0x22 Stub 1 0x00
36 2 0 LSUp Router_1 192.168.10.5 192.168.10.0 255.255.255.252 192.168.10.5 0x22 Stub 1 0x00
36 2 0 LSUp Router_1 192.168.10.5 192.168.8.0 255.255.255.0 192.168.10.5 0x22 Stub 1 0x00
38 2 0 LSUp Router_1 192.168.10.6 192.168.10.8 255.255.255.252 192.168.10.10 0x22 Stub 1 0x00
38 2 0 LSUp Router_1 192.168.10.6 192.168.10.4 255.255.255.252 192.168.10.10 0x22 Stub 1 0x00
38 2 0 LSUp Router_1 192.168.10.6 192.168.9.0 255.255.255.0 192.168.10.10 0x22 Stub 1 0x00
40 2 0 LSUp Router_1 192.168.10.5 192.168.10.5 192.168.10.5 192.168.10.5 0x22 Transit 1 0x00
40 2 0 LSUp Router_1 192.168.10.5 192.168.10.0 255.255.255.252 192.168.10.5 0x22 Stub 1 0x00
40 2 0 LSUp Router_1 192.168.10.5 192.168.8.0 255.255.255.0 192.168.10.5 0x22 Stub 1 0x00
41 2 0 LSUp Router_1 192.168.10.6 192.168.10.8 255.255.255.252 192.168.10.10 0x22 Stub 1 0x00
41 2 0 LSUp Router_1 192.168.10.6 192.168.10.5 192.168.10.6 192.168.10.10 0x22 Transit 1 0x00
41 2 0 LSUp Router_1 192.168.10.6 192.168.9.0 255.255.255.0 192.168.10.10 0x22 Stub 1 0x00
42 2 0 LSUp Network_2 192.168.10.5 192.168.10.5 255.255.255.252 192.168.10.5 0x22 192.168.10.5;192.168.10.10
46 2 0 LSAck Router_1 192.168.10.6 192.168.10.5 192.168.10.5
46 2 0 LSAck Network_2 192.168.10.6 192.168.10.5 192.168.10.5
47 2 0 LSAck Router_1 192.168.10.5 192.168.10.10 192.168.10.10
55 2 0 LSUp Router_1 192.168.10.5 192.168.10.5 192.168.10.5 192.168.10.5 0x22 Transit 1 0x00
55 2 0 LSUp Router_1 192.168.10.5 192.168.10.0 255.255.255.252 192.168.10.5 0x22 Stub 1 0x00
55 2 0 LSUp Router_1 192.168.10.5 192.168.8.0 255.255.255.0 192.168.10.5 0x22 Stub 1 0x00
56 2 0 LSUp Router_1 192.168.10.6 192.168.10.8 255.255.255.252 192.168.10.10 0x22 Stub 1 0x00
56 2 0 LSUp Router_1 192.168.10.6 192.168.10.5 192.168.10.6 192.168.10.10 0x22 Transit 1 0x00
56 2 0 LSUp Router_1 192.168.10.6 192.168.9.0 255.255.255.0 192.168.10.10 0x22 Stub 1 0x00
57 2 0 LSAck Router_1 192.168.10.6 192.168.10.5 192.168.10.5
58 2 0 LSAck Router_1 192.168.10.5 192.168.10.10 192.168.10.10
68 2 0 LSReq Router_1 192.168.10.2 192.168.10.10 192.168.10.10
68 2 0 LSReq Router_1 192.168.10.2 192.168.10.5 192.168.10.5
68 2 0 LSReq Network_2 192.168.10.2 192.168.10.5 192.168.10.5
70 2 0 LSReq Router_1 192.168.10.1 192.168.10.9 192.168.10.9
71 2 0 LSUp Router_1 192.168.10.1 192.168.10.8 255.255.255.252 192.168.10.10 0x22 Stub 1 0x00
71 2 0 LSUp Router_1 192.168.10.1 192.168.10.5 192.168.10.6 192.168.10.10 0x22 Transit 1 0x00
71 2 0 LSUp Router_1 192.168.10.1 192.168.9.0 255.255.255.0 192.168.10.10 0x22 Stub 1 0x00
71 2 0 LSUp Router_1 192.168.10.1 192.168.10.5 192.168.10.5 192.168.10.5 0x22 Transit 1 0x00
71 2 0 LSUp Router_1 192.168.10.1 192.168.10.0 255.255.255.252 192.168.10.5 0x22 Stub 1 0x00
71 2 0 LSUp Router_1 192.168.10.1 192.168.8.0 255.255.255.0 192.168.10.5 0x22 Stub 1 0x00
71 2 0 LSUp Network_2 192.168.10.1 192.168.10.5 255.255.255.252 192.168.10.5 0x22 192.168.10.5;192.168.10.10
73 2 0 LSUp Router_1 192.168.10.2 192.168.10.8 255.255.255.252 192.168.10.9 0x22 Stub 1 0x00
73 2 0 LSUp Router_1 192.168.10.2 192.168.10.0 255.255.255.252 192.168.10.9 0x22 Stub 1 0x00
73 2 0 LSUp Router_1 192.168.10.2 192.168.9.0 255.255.255.0 192.168.10.9 0x22 Stub 1 0x00
75 2 0 LSUp Router_1 192.168.10.5 192.168.10.8 255.255.255.252 192.168.10.9 0x22 Stub 1 0x00
75 2 0 LSUp Router_1 192.168.10.5 192.168.10.0 255.255.255.252 192.168.10.9 0x22 Stub 1 0x00
75 2 0 LSUp Router_1 192.168.10.5 192.168.9.0 255.255.255.0 192.168.10.9 0x22 Stub 1 0x00
77 2 0 LSUp Router_1 192.168.10.2 192.168.10.8 255.255.255.252 192.168.10.9 0x22 Stub 1 0x00
77 2 0 LSUp Router_1 192.168.10.2 192.168.10.2 192.168.10.2 192.168.10.9 0x22 Transit 1 0x00
77 2 0 LSUp Router_1 192.168.10.2 192.168.9.0 255.255.255.0 192.168.10.9 0x22 Stub 1 0x00
78 2 0 LSUp Router_1 192.168.10.5 192.168.10.5 192.168.10.5 192.168.10.5 0x22 Transit 1 0x00
78 2 0 LSUp Router_1 192.168.10.5 192.168.10.2 192.168.10.1 192.168.10.5 0x22 Transit 1 0x00
78 2 0 LSUp Router_1 192.168.10.5 192.168.8.0 255.255.255.0 192.168.10.5 0x22 Stub 1 0x00
79 2 0 LSUp Network_2 192.168.10.2 192.168.10.2 255.255.255.252 192.168.10.9 0x22 192.168.10.9;192.168.10.5
80 2 0 LSUp Router_1 192.168.10.1 192.168.10.5 192.168.10.5 192.168.10.5 0x22 Transit 1 0x00
80 2 0 LSUp Router_1 192.168.10.1 192.168.10.2 192.168.10.1 192.168.10.5 0x22 Transit 1 0x00
80 2 0 LSUp Router_1 192.168.10.1 192.168.8.0 255.255.255.0 192.168.10.5 0x22 Stub 1 0x00
81 2 0 LSUp Network_2 192.168.10.5 192.168.10.2 255.255.255.252 192.168.10.9 0x22 192.168.10.9;192.168.10.5
85 2 0 LSAck Router_1 192.168.10.1 192.168.10.9 192.168.10.9
85 2 0 LSAck Network_2 192.168.10.1 192.168.10.2 192.168.10.9
...
140 2 0 LSUp Network_2 192.168.10.10 192.168.10.10 255.255.255.252 192.168.10.10 0x22 192.168.10.10;192.168.10.9
141 2 0 LSUp Network_2 192.168.10.6 192.168.10.10 255.255.255.252 192.168.10.10 0x22 192.168.10.10;192.168.10.9
142 2 0 LSUp Network_2 192.168.9.2 192.168.10.10 255.255.255.252 192.168.10.10 0x22 192.168.10.10;192.168.10.9
143 2 0 LSUp Network_2 192.168.10.1 192.168.10.10 255.255.255.252 192.168.10.10 0x22 192.168.10.10;192.168.10.9
144 2 0 LSUp Network_2 192.168.9.1 192.168.10.10 255.255.255.252 192.168.10.10 0x22 192.168.10.10;192.168.10.9
145 2 0 LSUp Network_2 192.168.10.2 192.168.10.10 255.255.255.252 192.168.10.10 0x22 192.168.10.10;192.168.10.9
149 2 0 LSAck Network_2 192.168.9.1 192.168.9.2 192.168.10.10
149 2 0 LSAck Router_1 192.168.9.1 192.168.10.10 192.168.10.10
149 2 0 LSAck Router_1 192.168.9.1 192.168.10.9 192.168.10.9
149 2 0 LSAck Network_2 192.168.9.1 192.168.10.10 192.168.10.10
150 2 0 LSAck Router_1 192.168.10.1 192.168.10.9 192.168.10.9
150 2 0 LSAck Network_2 192.168.10.1 192.168.9.2 192.168.10.10
150 2 0 LSAck Router_1 192.168.10.1 192.168.10.10 192.168.10.10
150 2 0 LSAck Network_2 192.168.10.1 192.168.10.10 192.168.10.10
151 2 0 LSAck Network_2 192.168.10.5 192.168.9.2 192.168.10.10
151 2 0 LSAck Router_1 192.168.10.5 192.168.10.10 192.168.10.10
151 2 0 LSAck Network_2 192.168.10.5 192.168.10.10 192.168.10.10
152 2 0 LSAck Router_1 192.168.10.10 192.168.10.9 192.168.10.9
153 2 0 LSAck Network_2 192.168.10.9 192.168.9.2 192.168.10.10
153 2 0 LSAck Router_1 192.168.10.9 192.168.10.10 192.168.10.10
153 2 0 LSAck Network_2 192.168.10.9 192.168.10.10 192.168.10.10
154 2 0 LSAck Router_1 192.168.10.6 192.168.10.9 192.168.10.9Network OSPFv3 info
In OSPFv3 the format and content changed, hence the HELLO type messages alone do not contain enough information anymore to produce a concise view of the network.
New message types and LS types were added. So the present tutorial does not include all the reversing capabilities of the T2 tools for v3, as we are currently testing them in practice. They will be disseminated in later versions.
For the time being lets look at the openfactory pcap containing both versions:
t2 -r ~/data/ospfV23_opftry.pcap -w ~/results -s
As the end report states there are indeed both version present:
tawk -V ospfType=0x12
The ospfType column with value 0x12 is to be interpreted as follows:
bit | ospfType | Description
=============================================================================
1 | 0x02 | OSPF Hello
4 | 0x10 | OSPF LS Update
tawk -V ospfType=0x3e
The ospfType column with value 0x3e is to be interpreted as follows:
bit | ospfType | Description
=============================================================================
1 | 0x02 | OSPF Hello
2 | 0x04 | OSPF Database Description
3 | 0x08 | OSPF LS Request
4 | 0x10 | OSPF LS Update
5 | 0x20 | OSPF Acknowledge
The status file looks now a bit larger, as you now see a lot OSPFv3 LS Types. The 9 indicates many area interaction.
cat ~/results/ospfV23_opftry_ospfStats.txt
Number of OSPF packets: 62 [100.00%]
Number of OSPFv2 packets: 20 [32.26%]
Number of OSPFv3 packets: 42 [67.74%]
Number of OSPFv2 multicast packets: 20 [32.26%]
Number of OSPFv2 packets with null authentication: 20 [32.26%]
OSPFv2 Link State Request / Update ratio: 0.000
OSPFv2 Link State Update / Acknowledgment ratio: 0.000
OSPFv3 Link State Request / Update ratio: 0.100
OSPFv3 Link State Update / Acknowledgment ratio: 10.000
# OSPFv2 Type Packets
Hello 14 [ 70.00%]
LSUp 6 [ 30.00%]
# OSPFv3 Type Packets
Hello 8 [ 19.05%]
DBD 10 [ 23.81%]
LSReq 2 [ 4.76%]
LSUp 20 [ 47.62%]
LSAck 2 [ 4.76%]
# OSPFv2 LS Type Count
Router_1 4
ASext_5 2
# OSPFv3 LS Type Count
Router_1 93
Network_2 61
AS_EXT_5 277
Link_LSA_8 5
Intra_Area_Pref_9 51
INTR_A_TE_LSA_10 19The flow file contains the same information for version 2 and 3.
tcol ~/results/ospfV23_opftry_flows.txt
%dir flowInd flowStat timeFirst timeLast duration numHdrDesc numHdrs hdrDesc srcMac dstMac ethType ethVlanID srcIP srcIPCC srcIPOrg srcPort dstIP dstIPCC dstIPOrg dstPort l4Proto ospfStat ospfVersion ospfType ospfLSType ospfAuType ospfAuPass ospfArea ospfSrcRtr ospfBkupRtr ospfNeighbors
A 4 0x0800000000008000 1594638886.984511 1594638888.004560 1.020049 1 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 33:33:00:00:00:05 0x86dd fe80::3eec:efff:fe46:697d 04 "Link-local" 0 ff02::5 10 "OSPFIGP Link-local" 0 89 0x01 3 Hello;LSUp 0x0000000000000102 0x0000 0 80.77.16.70 0.0.0.0
A 5 0x0800000000008000 1594638887.612071 1594638888.810881 1.198810 1 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 64:d1:54:e8:cb:6c 0x86dd fe80::3eec:efff:fe46:697d 04 "Link-local" 0 fe80::66d1:54ff:fee8:cb6c 04 "Link-local" 0 89 0x01 3 DBD;LSReq;LSUp 0x0000000000000002 0x0000 0 80.77.16.70 0.0.0.0
B 5 0x0800000000008001 1594638887.751243 1594638925.315292 37.564049 1 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 3c:ec:ef:46:69:7d 0x86dd fe80::66d1:54ff:fee8:cb6c 04 "Link-local" 0 fe80::3eec:efff:fe46:697d 04 "Link-local" 0 89 0x01 3 DBD;LSUp;LSReq;LSAck 0x0000000000000626 0x0000 0 10.250.1.19 0.0.0.0
A 2 0x0800000000008000 1594638867.585397 1594638927.752841 60.167444 1 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 33:33:00:00:00:05 0x86dd fe80::66d1:54ff:fee8:cb6c 04 "Link-local" 0 ff02::5 10 "OSPFIGP Link-local" 0 89 0x01 3 Hello;LSUp;LSAck 0x0000000000000626 0x0000 0 10.250.1.19 80.77.16.70 80.77.16.70
A 1 0x0400000000004000 1594638867.585206 1594638927.753236 60.168030 1 3 eth:ipv4:ospf 64:d1:54:e8:cb:6c 01:00:5e:00:00:05 0x0800 5.226.149.25 ch "Openfactory GmbH" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp 0x0000000000000022 0x0001 0 5.226.149.246 0.0.0.0 193.189.82.50
A 3 0x0400000000004000 1594638868.036975 1594638928.037368 60.000393 1 3 eth:ipv4:ospf 3c:ec:ef:46:69:7d 01:00:5e:00:00:05 0x0800 5.226.149.24 ch "Openfactory GmbH" 0 224.0.0.5 10 "OSPFIGP All Routers" 0 89 0x01 2 Hello;LSUp 0x0000000000000022 0x0001 0 193.189.82.50 0.0.0.0 5.226.149.246Same for the packet file
tcol ~/results/ospfV23_opftry_packets.txt
%pktNo flowInd flowStat time pktIAT pktTrip flowDuration numHdrs hdrDesc ethVlanID srcMac dstMac ethType srcIP srcIPCC srcIPOrg srcPort dstIP dstIPCC dstIPOrg dstPort l4Proto ospfStat ospfVersion ospfArea ospfType ospfLSType l7Content
1 1 0x0400000000004000 1594638867.585206 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 64:d1:54:e8:cb:6c 01:00:5e:00:00:05 0x0800 5.226.149.25 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(..........R2
2 2 0x0800000000008000 1594638867.585397 0.000000 0.000000 0.000000 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 33:33:00:00:00:05 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local ff02::5 10 OSPFIGP Link-local 89 0x01 3 0 Hello 0x0000000000000000 .........\n.(\n.......
3 3 0x0400000000004000 1594638868.036975 0.000000 0.000000 0.000000 3 eth:ipv4:ospf 3c:ec:ef:46:69:7d 01:00:5e:00:00:05 0x0800 5.226.149.24 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(............
4 3 0x0400000000004000 1594638872.400223 4.363248 0.000000 4.363248 3 eth:ipv4:ospf 3c:ec:ef:46:69:7d 01:00:5e:00:00:05 0x0800 5.226.149.24 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 LSUp 0x0000000000000002 ........>...>.......N......?...1.......\n...g.......\n...........\n...=.......\n...>.......\n.../.......\n...!.......\n...z.......\n...p.......\n...'.......\n...........\n...q.......\n...&.......\n... .......\n...,.......\n...a.......\n...d.......\n...x.......\n...u.......\n...m.......\n...........\n...:.......\n...h.......\n...*.......\n...|.......\n...<.......\n...c.......\n...k.......\n...#.......\n...........\n...-.......\n...s.......\n...e.......\n...{.......\n...y.......\n...n.......\n...i.......\n...l.......\n...0.......\n...o.......\n...%.......\n...}.......\n...t.......\n...6.......\n...8.......\n...;.......\n...v.......\n...2.......\n...`.......\n...5.......\n...7.......\n...4.......\n...(.......\n...$.......\n...3.......\n...9.......\n...f.......\n...........\n...........\n...........\n...........\n...~.......\n...........\n
5 1 0x0400000000004000 1594638872.466526 4.881320 0.000000 4.881320 3 eth:ipv4:ospf 64:d1:54:e8:cb:6c 01:00:5e:00:00:05 0x0800 5.226.149.25 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 LSUp 0x0000000000000002 ........>...>.......N......?...1.......\n...g.......\n...........\n...=.......\n...>.......\n.../.......\n...!.......\n...z.......\n...p.......\n...'.......\n...........\n...q.......\n...&.......\n... .......\n...,.......\n...a.......\n...d.......\n...x.......\n...u.......\n...m.......\n...........\n...:.......\n...h.......\n...*.......\n...|.......\n...<.......\n...c.......\n...k.......\n...#.......\n...........\n...-.......\n...s.......\n...e.......\n...{.......\n...y.......\n...n.......\n...i.......\n...l.......\n...0.......\n...o.......\n...%.......\n...}.......\n...t.......\n...6.......\n...8.......\n...;.......\n...v.......\n...2.......\n...`.......\n...5.......\n...7.......\n...4.......\n...(.......\n...$.......\n...3.......\n...9.......\n...f.......\n...........\n...........\n...........\n...........\n...~.......\n...........\n
6 1 0x0400000000004000 1594638877.598877 5.132351 0.000000 10.013671 3 eth:ipv4:ospf 64:d1:54:e8:cb:6c 01:00:5e:00:00:05 0x0800 5.226.149.25 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(..........R2
7 2 0x0800000000008000 1594638877.599246 10.013849 0.000000 10.013849 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 33:33:00:00:00:05 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local ff02::5 10 OSPFIGP Link-local 89 0x01 3 0 Hello 0x0000000000000000 .........\n.(\n.......
8 3 0x0400000000004000 1594638878.036966 5.636743 0.000000 9.999991 3 eth:ipv4:ospf 3c:ec:ef:46:69:7d 01:00:5e:00:00:05 0x0800 5.226.149.24 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(............
9 4 0x0800000000008000 1594638886.984511 0.000000 0.000000 0.000000 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 33:33:00:00:00:05 0x86dd fe80::3eec:efff:fe46:697d 04 Link-local ff02::5 10 OSPFIGP Link-local 89 0x01 3 0 Hello 0x0000000000000000 .........\n.(........
10 2 0x0800000000008000 1594638887.611127 10.011881 0.000000 20.025730 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 33:33:00:00:00:05 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local ff02::5 10 OSPFIGP Link-local 89 0x01 3 0 Hello 0x0000000000000000 .........\n.(\n.......PM.F
11 1 0x0400000000004000 1594638887.611883 10.013006 0.000000 20.026676 3 eth:ipv4:ospf 64:d1:54:e8:cb:6c 01:00:5e:00:00:05 0x0800 5.226.149.25 ch Openfactory GmbH 224.0.0.5 10 OSPFIGP All Routers 89 0x01 2 0 Hello 0x0000000000000000 .....\n.....(..........R2
12 5 0x0800000000008000 1594638887.612071 0.000000 0.000000 0.000000 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 64:d1:54:e8:cb:6c 0x86dd fe80::3eec:efff:fe46:697d 04 Link-local fe80::66d1:54ff:fee8:cb6c 04 Link-local 89 0x01 3 0 DBD 0x0000000000000000 ...........2
13 5 0x0800000000008001 1594638887.751243 0.000000 0.139172 0.000000 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 3c:ec:ef:46:69:7d 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local fe80::3eec:efff:fe46:697d 04 Link-local 89 0x01 3 0 DBD 0x0000000000000000 ............
14 5 0x0800000000008001 1594638887.751332 0.000089 0.139261 0.000089 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 3c:ec:ef:46:69:7d 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local fe80::3eec:efff:fe46:697d 04 Link-local 89 0x01 3 0 DBD 0x0000000000000000 ...........2.. ...........&l.~.(.. .............n..(.. .............!..H.c ............al..(.; .............M..h.. .............3..(.. ...........L....(.. ...........T..D.H.. ................H.. .............C..(.? ..............Z.(.\t .....\n.....\r..?.(.& .....PM.F.....`.... .....R........*.h.- ........l.......(.. ............q...$.V .............Ka. .. ............o.8. .B ............*.2. .t ............n.p. .j ............eK.. .. ....$.......h... .. .....R.....\r!.J. .Z .....R......e*Y. .Z .....R.......".. .. ....#R......Js..$.Z .....R........>. .- ........l....:0. .:@................$.:@................$.:@.............V..$..@............]...$.Q@................$.@@...........\nq.o.$..@...........\nq.R.$..@...........\nq...$..@....\t......\nq...$..@....\n......\nE.6.$.\t@...........\nIS'.$.~@....f........-f.$..@..............z.$.;@...........\n.:/.$.;@...........\n.B%.$.c@............]...$.c@............]...$.c@............\...$..@............oj.....@............op..,..@................,..@................$..@.............pW.,..@...........\nq<s.$..@.............!:.$..@....\t...........$..@....\n........@..$..@............R...$..@....\r........F..$..@............oK9.$..@............./..$..@............o...$..@............o.\.$..@............o R.$..@............o(H.$..@............o0>.$..@............o...$.Z@............o...$.0@....i.......m,..$..@.............L..$..@..............5.$..@.............N..$..@............n...$
15 5 0x0800000000008000 1594638887.752004 0.139933 0.000672 0.139933 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 64:d1:54:e8:cb:6c 0x86dd fe80::3eec:efff:fe46:697d 04 Link-local fe80::66d1:54ff:fee8:cb6c 04 Link-local 89 0x01 3 0 LSReq 0x0000000000000000 .. ........... ........... ........... ........... ........... ........... ........... ........... ........... ........... ........... .....\n..... .....PM.F.. .....R..... ........l.. ........... ........... ........... ........... ........... ........... ....$...... .....R..... .....R..... .....R..... ....#R..... .....R..... ........l..@...........@...........@...........@...........@...........@...........@...........@...........@....\t......@....\n......@...........@....f......@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@....\t......@....\n......@...........@....\r......@...........@...........@...........@...........@...........@...........@...........@...........@...........@....i......@...........@...........@...........@.........
16 5 0x0800000000008000 1594638887.752079 0.000075 0.000747 0.140008 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 64:d1:54:e8:cb:6c 0x86dd fe80::3eec:efff:fe46:697d 04 Link-local fe80::66d1:54ff:fee8:cb6c 04 Link-local 89 0x01 3 0 DBD 0x0000000000000000 ...........3........PM.F....3..8.. .....PM.F.....c.... \t....PM.F.......8
17 5 0x0800000000008001 1594638887.875973 0.124641 0.123894 0.124730 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 3c:ec:ef:46:69:7d 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local fe80::3eec:efff:fe46:697d 04 Link-local 89 0x01 3 0 LSUp 0x0000000000000026 ...!.. ...........&l.~.(...........C.......... .............n..(...................... .............!..H...3...\n.............................................d ............al..(...3............R....< .............M..h...3...\n... .......l...........$...........\r...........\n...\t....R..................... .............3..(.......\n.............. ...........L....(...3.................. ...........T..D.H.......\n........R......\n...............\n.......#R..... ................H.......\n...#...........\n...$...$.......\n.............. .............C..(.......\n.............@ ..............Z.(...3............R....\n .....\n.....\r..?.(.......\n.......#R....' .....PM.F.....`........ .....R........*.h.......\n........R......\n........R......\n........R......\n........R......\n...#...#R..... ........l.......(...................l.. ............q...$.................W .............Ka. ...3.......... ............o.8. ...3.........C ............*.2. ...3.........u ............n.p. ...3.........k ............eK.. ...3.......... ....$.......h... ...3.......... .....R.....\r!.J. ...3R........[ .....R......e*Y. ....R........[ .....R.......".. ...3R......... ....#R......Js..$....R...\n........[ .....R........>. ...3R......... ........l....:0. ...3...l.....;@................$....@...*.c@.....;@................$....@...*.c@.....;@.............V..$....@...*.c@ .(...@............]...$....@...*.c@...P.R@................$....@...*.c@...x
18 5 0x0800000000008001 1594638887.876174 0.000201 0.124095 0.124931 3 eth:ipv6:ospf 64:d1:54:e8:cb:6c 3c:ec:ef:46:69:7d 0x86dd fe80::66d1:54ff:fee8:cb6c 04 Link-local fe80::3eec:efff:fe46:697d 04 Link-local 89 0x01 3 0 LSUp 0x0000000000000020 ...&.A@...........\nq.o.$....@...*.c@......@...........\nq.R.$....@...*.c@......@...........\nq...$....@...*.c@...\n..@....\t......\nq...$....@...*.c@......@....\n......\nE.6.$....@...*.c@.....\n@...........\nIS'.$....@...*.c@......@....f........-f.$....@...*.c@...h..@..............z.$....@...*.c@.....<@...........\n.:/.$....@...*.c@.....<@...........\n.B%.$....@...*.c@.....d@............]...$....@...*.c@...j.d@............]...$....@...*.c@ ....d@............\...$....@...*.c@ .....@............oj.............@............op..,....|... ..p..\n...........@................,........ ..............5..@................$....@... ...`.....@.............pW.,....p... .\tx..............@...........\nq<s.$....@...*.c@...T..@.............!:.$....@...*.c@......@....\t...........$....@...*.c@......@....\n........@..$....@...*.c@......@............R...$....@...*.c@...i..@....\r........F..$....@...*.c@...j..@............oK9.$....@...*.c@...t..@............./..$....@...*.c@...x..@............o...$....@...*.c@...}..@............o.\.$....@...*.c@......@............o R.$....@...*.c@......@............o(H.$....@...*.c@......@............o0>.$....@...*.c@......@............o...$....@...*.c@.....[@............o...$....@...*.c@...f.1@....i.......m,..$....@... ......3..@.............L..$....0... ..x......@..............5.$....@... ...`.....@.............N..$....@...*.c@......@............n...$....@...*.c@...a
19 4 0x0800000000008000 1594638887.877822 0.893311 0.000000 0.893311 3 eth:ipv6:ospf 3c:ec:ef:46:69:7d 33:33:00:00:00:05 0x86dd fe80::3eec:efff:fe46:697d 04 Link-local ff02::5 10 OSPFIGP Link-local 89 0x01 3 0 LSUp 0x0000000000000002 ...... .....PM.F.....i......
...The hello file now has mixed versions. Note that for v3 there are IPv6 addresses and most of the information present in v2 is missing, so we have to look also in the message file.
tcol ~/results/ospfV23_opftry_ospfHello.txt
NumPkts Ver AreaID SrcOSPRtr SrcIP Netmask Network IntID RtrPrio Opt HelloInt RtrDInt DRtr BkupRtr NumNeigh Neighbors
1 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
2 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 0.0.0.0 0
3 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246
6 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
7 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 0.0.0.0 0
8 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246
9 3 0 80.77.16.70 fe80::3eec:efff:fe46:697d - - 12 1 0x00000013 10 40 0.0.0.0 0.0.0.0 0
10 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 0.0.0.0 1 80.77.16.70
11 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
25 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246
45 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
46 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 80.77.16.70 1 80.77.16.70
47 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246
50 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 80.77.16.70 1 80.77.16.70
51 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
52 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246
55 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
56 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 80.77.16.70 1 80.77.16.70
57 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246
60 3 0 10.250.1.19 fe80::66d1:54ff:fee8:cb6c - - 176 1 0x00000013 10 40 10.250.1.19 80.77.16.70 1 80.77.16.70
61 2 0 5.226.149.246 5.226.149.25 255.255.255.255 5.226.149.25 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 193.189.82.50
62 2 0 193.189.82.50 5.226.149.24 255.255.255.254 5.226.149.24 - 1 0x00000002 10 40 0.0.0.0 0.0.0.0 1 5.226.149.246The Database file contains for v3 ID’s instead of real IP addresses, which need to correlated with LS Update messages.
tcol ~/results/ospfV23_opftry_ospfDBD.txt
NumPkts Ver AreaID RtrID LSLinkID ADVRouter Dna Age Seq# Checksum MTU Flags LSType tlvType tlvValOpt
14 3 0 10.250.1.19 0.0.0.0 5.226.149.1 0 797 0x8000266c 0xc07e 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.2 0 704 0x800013a5 0x6ee1 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.3 0 3 0x8002e0ce 0x2196 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.6 0 1635 0x80000761 0x6c96 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.234 0 827 0x800018eb 0x4d0f 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.249 0 463 0x800017fe 0x33e6 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.250 0 458 0x80014c10 0x15e0 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.251 0 1045 0x800054b9 0xdb44 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.252 0 24 0x8001fcfc 0x88ed 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.253 0 1730 0x800011d8 0x43c9 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 5.226.149.254 0 63 0x80001ad1 0xb85a 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 10.250.1.19 0 777 0x80000de6 0xcb3f 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 80.77.16.70 0 1062 0x80000006 0xd660 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 82.197.176.3 0 203 0x8000eddb 0xeb2a 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.0 192.168.150.108 0 1069 0x800017e1 0x2eb8 1500 0x0200 Router_1
14 3 0 10.250.1.19 0.0.0.11 5.226.149.2 0 697 0x80000071 0xc4ec 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.12 5.226.149.3 0 342 0x800010c3 0x4b61 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.17 5.226.149.3 0 787 0x8000006f 0xe638 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.20 5.226.149.3 0 66 0x8000122a 0x0c32 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.4 5.226.149.234 0 372 0x8000006e 0xdd70 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.3 5.226.149.252 0 1642 0x80000065 0x4be8 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.36 5.226.149.252 0 1458 0x80000068 0x1e01 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.2 82.197.176.3 0 202 0x80000d21 0x8e4a 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.25 82.197.176.3 0 1370 0x80001765 0x2a59 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.27 82.197.176.3 0 1370 0x80001bce 0x22ce 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.35 82.197.176.3 0 540 0x8000024a 0x7319 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.165 82.197.176.3 0 1370 0x800007f0 0x133e 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.178 192.168.150.108 0 1069 0x80001694 0x3a30 1500 0x0200 Network_2
14 3 0 10.250.1.19 0.0.0.0 5.226.149.2 0 826 0x800011b2 0x9c8c 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.1 5.226.149.2 0 826 0x800011b2 0xa482 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.2 5.226.149.2 0 826 0x800011b2 0x5614 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.4 5.226.149.2 0 723 0x80000e5d 0x1fa8 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.5 5.226.149.2 0 337 0x80000bc1 0x1914 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.6 5.226.149.2 0 1344 0x80000a71 0x826f 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.7 5.226.149.2 0 1270 0x80000a71 0x9c52 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.8 5.226.149.2 0 1207 0x80000a71 0xda0f 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.9 5.226.149.2 0 1181 0x80000a71 0x19cb 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.10 5.226.149.2 0 1233 0x80000a45 0xd336 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.1 5.226.149.3 0 521 0x80000a49 0x5327 1500 0x0200 AS_EXT_5
14 3 0 10.250.1.19 0.0.0.102 5.226.149.3 0 1662 0x800017f4 0x2d66 1500 0x0200 AS_EXT_5The message file contains now the important LS Update messages containing all necessary IP information.
tcol ~/results/ospfV23_opftry_ospf3Msg.txt
NumPkts Ver Area srcRtr MsgType LSType SrcIP DstIP LSAAdvRtr LSAOpts LSLinkID IntID NeighIntID RefAdvRtr/AttchRtrs type prefOpts Metric RefLSA RefPrefix lnkLclIP/FwdIP
...
17 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.1 0x02000013 0.0.0.67 0.0.0.11 5.226.149.2 - Transit 1
17 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 0x02000013 0.0.0.11 0.0.0.11 5.226.149.2 - Transit 1
17 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.3 0x02000133 0.0.0.12 0.0.0.12 5.226.149.3 - Transit 10
17 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.3 0x02000133 0.0.0.17 0.0.0.17 5.226.149.3 - Transit 1
17 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.3 0x02000133 0.0.0.20 0.0.0.20 5.226.149.3 - Transit 1
17 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 192.168.150.108 0x02000013 0.0.0.178 0.0.0.178 192.168.150.108 - Transit 1
...
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000013 0.0.0.11 - - 5.226.149.2;5.226.149.1;5.226.149.252
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.12 - - 5.226.149.3;5.226.149.253
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.17 - - 5.226.149.3;5.226.149.234
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.20 - - 5.226.149.3;5.226.149.251
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.4 - - 5.226.149.234;5.226.149.249
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000033 0.0.0.3 - - 5.226.149.252;5.226.149.250
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.36 - - 5.226.149.252;5.226.149.234
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.2 - - 82.197.176.3;5.226.149.234
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000013 0.0.0.25 - - 82.197.176.3;5.226.149.251
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000033 0.0.0.27 - - 82.197.176.3;5.226.149.254
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000013 0.0.0.35 - - 82.197.176.3;10.250.1.19;5.226.149.251
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000033 0.0.0.165 - - 82.197.176.3;5.226.149.6
17 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 10.250.1.19 0x00000133 0.0.0.178 - - 192.168.150.108;5.226.149.234
17 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.0 - - - 0x00 0 0x00 Unknown_0 2a00:6340:1000:18a::/64 - -
17 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.1 - - - 0x00 0 0x00 Unknown_0 2a00:6340:1000:18b::/64 - -
17 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.2 - - - 0x00 0 0x00 Unknown_0 2a00:6340:2010:2800::/64 - -
17 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.4 - - - 0x00 0 0x00 Unknown_0 2a00:6340:0:150::/64 - -
17 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.5 - - - 0x00 0 0x00 Unknown_0 2a00:6340:1000:178::/64 - -
18 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.6 - - - 0x00 0 0x00 Unknown_0 2a00:6340:1000:104::/64 - -
18 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.7 - - - 0x00 0 0x00 Unknown_0 2a00:6340:1000:106::/64 - -
18 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.2 - 0.0.0.8 - - - 0x00 0 0x00 Unknown_0 2a00:6340:1000:10a::/64 - -
18 3 0 10.250.1.19 LSUp AS_EXT_5 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 5.226.149.3 - 0.0.1.231 - - - 0x04 20 0x00 Unknown_0 2a00:6340:1000:107::/64 - -
...
26 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.5 - 0.0.0.0 5.226.149.3 0x00 1 Router_1 2a00:6340:1000:2::/64
26 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.5 - 0.0.0.0 5.226.149.3 0x00 1 Router_1 2a00:6340:1000:190::/64
30 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 0x00000013 0.0.0.176 0.0.0.176 10.250.1.19 - Transit 10
30 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 0x00000013 0.0.0.16 0.0.0.35 82.197.176.3 - Transit 10
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2602:fed2:fff:ffff::/64
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2a00:6340:1000:18f::/64
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2001:7f8:13::/64
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2001:978:2:3::2:0/112
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2a00:6340:0:161::/64
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2a01:20e:1000::/64
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2a00:6340:1000:105::/64
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.0 - 0.0.0.0 10.250.1.19 0x00 10 Router_1 2a00:6340:1000:100::/64
30 3 0 10.250.1.19 LSUp Network_2 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 0x00000013 0.0.0.176 - - 10.250.1.19;80.77.16.70
30 3 0 10.250.1.19 LSUp Intra_Area_Pref_9 fe80::66d1:54ff:fee8:cb6c ff02::5 10.250.1.19 - 0.0.0.176 - 0.0.0.176 10.250.1.19 0x00 0 Network_2 2a00:6340:1000:18e::/64
32 3 0 10.250.1.19 LSAck Router_1 fe80::66d1:54ff:fee8:cb6c fe80::3eec:efff:fe46:697d 80.77.16.70 - 0.0.0.0 - - -
33 3 0 10.250.1.19 LSAck Router_1 fe80::66d1:54ff:fee8:cb6c ff02::5 80.77.16.70 - 0.0.0.0 - - -
33 3 0 10.250.1.19 LSAck Link_LSA_8 fe80::66d1:54ff:fee8:cb6c ff02::5 80.77.16.70 - 0.0.0.12 - - -
36 3 0 10.250.1.19 LSUp INTR_A_TE_LSA_10 fe80::66d1:54ff:fee8:cb6c ff02::5 5.226.149.3 - 0;18 0x00030010;0x2a006340;0x00000168;0x00000000;0x00000000;0x00020080;0x00110008;0x0000000d;0x05e295fc;0x00010001;0x02000000;0x00120020;0x2a006340;0x10000002;0x00000000;0x00000011;0x2a006340;0x10000190;0x00000000;0x00000001;0x00130010;0x00000000;0x00000000;0x00000000;0x00000000;0x00050004;0x00000001;0x00060004;0x4e9502f9;0x00080020;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x05e295fc;0x8001fcfc;0x88ed0048;0x06c32001;
37 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c ff02::5 5.226.149.253 0x02000013 0.0.0.22 0.0.0.12 5.226.149.3 - Transit 10
38 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c ff02::5 5.226.149.252 0x02000013 0.0.0.35 0.0.0.11 5.226.149.2 - Transit 10
38 3 0 10.250.1.19 LSUp Router_1 fe80::66d1:54ff:fee8:cb6c ff02::5 5.226.149.252 0x02000013 0.0.0.13 0.0.0.13 5.226.149.252 - Transit 10
...In future we will extend the present scripts to reverse the network structure for OSPFv3.
Conclusion
Experiment by changing the output representation of IDs and types: OSPF_LSID_AS_IP, OSPF_TYP_STR, OSPF_LSTYP_STR
If you do, do not forget to reset the configuration for the next tutorials:
t2conf --reset ospfDecode && t2build ospfDecode
Have fun with ospfDecode!