Using Wireshark in a OSPF network

This has gotta be a Guru question so bear with me

I want to look at OSPF LSAs, so I labbed up three routers--two connected by WAN links and one connected by ethernet. I connected one host to a router and gave it an ip address through dhcp. Everybody can ping each other via OSPF. The host has Wireshark running on it but it aint' giving me interesting OSPF LSA information.. I configured it so it shows only ospf and arp.

I'm guessing that Wireshark doesn't see ospf packets on a ethernet link to a host host. Here's the nonsense reading I'm
getting:

PROTOCOL INFO

UNKNOWN WTAP_ENCAP=1
UNKNOWN WTAP_ENCAP=1

etc, etc ad naseum

It appears to me that I ain't got a clue on how to configure Wireshark to look at OSPF LSAs.

I was reading Paul Browning's CCNA book and he has illustrations that show OSPF LSAs using Wireshark.. I want to duplicate it
myself but it aint working for me.

OH MIGHTY CCNP GURU, PLEASE SHOW ME THE WAY--I PROMISE I WILL HONOR YOUR PRESENCE TIL THE END OF TIME

Regards, Mikey

Find more posts tagged with

Comments

fredrikjj

I'm not a Wireshark guru (a novice, really), but as long as OSPF packets are actually sent on the links that you are monitoring, they are very easy to find and look at. Of course, to see interesting stuff, you need watch the OSPF adjacency get built and the LSAs exchanged, etc, and this requires that you have at least two routers on the link. GNS3 is nice for this because you can just right click on any link and get Wireshark to pick everything up.

EdTheLad

Ask yourself what is ospf used for? Why would you being sending lsa's to a host?
The host has an ip address and a default gateway, it's highly unlikely that it's a linux host running ospf.
At best you would see an ospf hello packet, and that's only if the host subnet is configured under ospf.As Fred said, use GNS and
monitor the link between routers that's exchanging ospf packets.