Using Wireshark in an OSPF network
mikeybinec
Member Posts: 484
in CCNA & CCENT
This has gotta be a Guru question so bear with me
I want to look at OSPF LSAs, so I labbed up three routers--two connected by WAN links and one connected by Ethernet. I connected one host to a router and gave it an IP address through DHCP. Everybody can ping each other via OSPF. The host has Wireshark running on it but it ain't giving me interesting OSPF LSA information. I configured it so it shows only OSPF and ARP.
I'm guessing that Wireshark doesn't see OSPF packets on an Ethernet link to a host. Here's the nonsense reading I'm getting:
PROTOCOL INFO
UNKNOWN WTAP_ENCAP=1
UNKNOWN WTAP_ENCAP=1
etc, etc ad nauseam
It appears to me that I ain't got a clue on how to configure Wireshark to look at OSPF LSAs.
I was reading Paul Browning's CCNA book and he has illustrations that show OSPF LSAs using Wireshark. I want to duplicate it myself but it ain't working for me.
OH MIGHTY CCNP GURU, PLEASE SHOW ME THE WAY--I PROMISE I WILL HONOR YOUR PRESENCE TIL THE END OF TIME
Regards, Mikey
Cisco NetAcad Cuyamaca College
A.S. LAN Management 2010 Grossmont College
B.S. I.T. Management 2013 National University
Comments
-
fredrikjj Member Posts: 879
I'm not a Wireshark guru (a novice, really), but as long as OSPF packets are actually sent on the links that you are monitoring, they are very easy to find and look at. Of course, to see interesting stuff, you need to watch the OSPF adjacency get built and the LSAs exchanged, etc., and this requires that you have at least two routers on the link. GNS3 is nice for this because you can just right-click on any link and get Wireshark to pick everything up.
-
EdTheLad Member Posts: 2,111
Ask yourself what is OSPF used for? Why would you be sending LSAs to a host?
The host has an IP address and a default gateway, it's highly unlikely that it's a Linux host running OSPF.
At best you would see an OSPF hello packet, and that's only if the host subnet is configured under OSPF. As Fred said, use GNS and monitor the link between routers that's exchanging OSPF packets.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
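Added example, not from the thread or any poster: a small OSPFv2 parser showing what the replies describe, namely that a host-facing segment carries at most Hello packets while LSAs ride in Link State Update packets exchanged between adjacent routers. The packet bytes, addresses and helper names (`parse_ospf`, `build`) are constructed for illustration, and the OSPF checksum is left at zero and not verified.

```python
import socket
import struct

OSPF_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
              4: "Link State Update", 5: "Link State Ack"}
LSA_TYPES = {1: "Router-LSA", 2: "Network-LSA", 3: "Summary-LSA (network)",
             4: "Summary-LSA (ASBR)", 5: "AS-External-LSA"}

def parse_ospf(payload):
    """Parse an OSPFv2 packet (IP protocol 89 payload); list LSA types in an LSU."""
    if len(payload) < 24:
        raise ValueError("shorter than the 24-byte OSPFv2 header")
    version, ptype, length, rid = struct.unpack("!BBH4s", payload[:8])
    if version != 2 or not 24 <= length <= len(payload):
        raise ValueError("not OSPFv2 or bad packet length")
    info = {"type": OSPF_TYPES.get(ptype, "Unknown"),
            "router_id": socket.inet_ntoa(rid), "lsas": []}
    if ptype == 4:  # Link State Update: 4-byte LSA count, then whole LSAs
        if length < 28:
            raise ValueError("LSU without an LSA count")
        (count,) = struct.unpack("!I", payload[24:28])
        off = 28
        for _ in range(count):
            if off + 20 > length:
                raise ValueError("LSA header runs past the packet")
            ls_type = payload[off + 3]  # LS type is byte 3 of the 20-byte LSA header
            (lsa_len,) = struct.unpack("!H", payload[off + 18:off + 20])
            if lsa_len < 20:
                raise ValueError("LSA length below header size")
            info["lsas"].append(LSA_TYPES.get(ls_type, f"type {ls_type}"))
            off += lsa_len
    return info

def build(ptype, body, rid="1.1.1.1"):
    """Constructed sample packet in area 0; checksum is 0 and is not verified above."""
    return struct.pack("!BBH4s4sHH8s", 2, ptype, 24 + len(body), socket.inet_aton(rid),
                       socket.inet_aton("0.0.0.0"), 0, 0, b"\0" * 8) + body

# Constructed Hello: mask, hello interval, options, priority, dead interval, DR, BDR
HELLO = build(1, struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 2, 1,
                             40, socket.inet_aton("10.0.0.1"), b"\0" * 4))
# Constructed LSU carrying one Router-LSA with zero links (20-byte header + 4 bytes)
ROUTER_LSA = struct.pack("!HBB4s4sIHH", 1, 2, 1, socket.inet_aton("1.1.1.1"),
                         socket.inet_aton("1.1.1.1"), 0x80000001, 0, 24) + b"\0" * 4
LSU = build(4, struct.pack("!I", 1) + ROUTER_LSA)

if __name__ == "__main__":
    for name, pkt in (("host segment", HELLO), ("router-to-router link", LSU)):
        print(name, parse_ospf(pkt))
```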