From: Robert DeVito (robertdevito@xxxxxxxxxxx)
Date: Sat Feb 10 2001 - 00:31:56 GMT-3
Any ideas on finding a unkown IPX network number and encap type? Would debug
ipx packet details give the same results?
Robert
----Original Message Follows----
From: Gopala Naganab <netlanceconsulting@yahoo.com>
Reply-To: Gopala Naganab <netlanceconsulting@yahoo.com>
To: ccielab@groupstudy.com
CC: devender.singh@cmc.cwo.net.au, ashort@wingedwheel.net
Subject: ct: Re: BGP
Date: Fri, 9 Feb 2001 16:14:39 -0800 (PST)
sho ip pack detail ----->gave me the following.
s2-r2-2500-2501C#u all
All possible debugging has been turned off
s2-r2-2500-2501C#deb ip pa det------------>DEBUG
IP packet debugging is on (detailed)
s2-r2-2500-2501C#
21:28:54: IP: s=142.108.10.8 (Ethernet0),
d=142.108.10.7, len 44, rcvd 0------------> LOOK FOR
S= ADDR
21:28:54: TCP src=11200, dst=179, seq=2225043935,
ack=0, win=16384 SYN-------------->LOOK FOR DST=179
TCP PORT FOR BGP
21:28:54: IP: s=142.108.10.7 (local), d=142.108.10.8
(Ethernet0), len 40, sending
21:28:54: TCP src=179, dst=11200, seq=0,
ack=2225043936, win=0 ACK RST
SOURCE IP IS THE ONE YOU SHD USE IN NEIGHBOR CMND.
DEST IP ADDR IS SUPPOSED TO BE 'UPDATE SOURCE' IN THE
NEIGHBOR STATEMENT..
CHEERS,
GOPAL
*****************
If I knew the IP address, I would attempt to peer with
it and then sniff
the reply packets for the remote ASN. I don't know if
that would work but
I would TRY it. Also...there may are arin records on
who owns which
address space and you might be able to match THAT with
an ASN as well.
Not knowing the IP address...you'd have to make a few
assumptions about
the remote router's medium and work with that. If
it's ethernet...ping
the subnet broadcast to see if any routers return an
icmp reply. If it's
frame relay, try inverse arp...if it's ATM...you're on
your own. =-)
Also...look for the remote router trying to establish
a session with your
router, that would most definitely have the remote ASN
in the packet.
BUT...without knowledge of the IP and of the ASN's
involved...you really
SHOULDN'T be trying to establish a peering session.
Unless it's for lab
purposes. And I CAN tell you, that they do NOT
withhold information from
you in the lab that isn't TOO difficult to find out
for yourself. =-)
On Mon, 5 Feb 2001, Devender Singh wrote:
> How would you know AS number of the remote AS,
or/and also ip address. Given
> that you cannot have any kind of access into the
router and cdp is disabled.
>
> I donnot know. Any suggestions.
>
> Devender Singh
> BE(Hons), CCNP
> IP Solution Specialist
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:44 GMT-3