From: Bauer, Rick (BAUERR@xxxxxxxxxxx)
Date: Thu Dec 06 2001 - 17:35:09 GMT-3
And a step further you can also use "debug ip packet detail dump" to find
the BGP remote AS number. You can also use the dump option to find out what
you clear text routing process authentication passwords are. I wonder what
else? Maybe someone can fill in the blanks....
Pretty cool....
-----Omitted-----
20:18:59: IP: s=200.0.0.2 (Serial0/0), d=200.0.0.4, len 85, rcvd 4
20:18:59: TCP src=11128, dst=179, seq=1077038741, ack=1129605051,
win=16384 ACK PSH
01B62BD0: 18410800 45C00055 00020000 .A..E@.U....
01B62BE0: FE062BDA C8000002 C8000004 2B7800B3 ~.+ZH...H...+x.3 ***
source/destination
01B62BF0: 40324E95 435467BB 50184000 87550000 @2N.CTg;P.@..U..
01B62C00: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
01B62C10: 002D0104 07D000B4 C8000002 10020601 .-...P.4H....... *** 07d0
from AS2000
01B62C20: 04000100 01020280 00020202 0032 .............2
-----Omitted-----
-----Original Message-----
From: lgao [mailto:lgao@cisco.com]
Sent: Wednesday, December 05, 2001 4:00 PM
Cc: ccielab@groupstudy.com
Subject: Finding Remote-site EIGRP AS number.
Remember couple of month ago, there are threads floating around about how to
find EIGRP AS number on the other side
if you do not know?
I don't know what that guy IOS version was, but from 12.0 above, you can
not see the remote site AS number by
tunnng on "debug egirp pac" or "debug ip eigrp "
or "debug eigrp pac hello verbose". You can only see you are sending hello
packt, but no receiving hello packts.
Now here is an answer how to find remote EIGRP AS number on IP. ( might not
be the rght one)
1.creat access list permit any any
access-list 101 permit ip any any log
2. put it on the link that you want to see the EIGRP hello packet.
3.try the IOS hidden command
"debug ip packet 101 dump"
4.you will be catching whole IP raw packet from this link.
catch the packt from the other side sending to 224.0.0.10 like this
00:42:54: IP: s=192.168.2.7 (Ethernet1), d=224.0.0.10, len 60, rcvd 2
010F5E20: 0100 5E00000A
..^...
010F5E30: AABBCC00 6B010800 45C0003C 00000000 *;L.k...E@.<....
010F5E40: 015815F1 C0A80207 E000000A 0205EE8D .X.q@(..`.....n.
010F5E50: 00000000 00000000 00000000 00000041 ...............A
<---------"41 is the AS number"
010F5E60: 0001000C 01000100 0000000F 00040008 ................
5. read your "Routing TCP/IP vol I" EIGRP part and decode this raw IP packt,
in above case, 4th line of this raw ip packet, 41 is the AS number in
Hex, remember to convert from Hex, the as
number is 65
Sadly, you can not do the same thing with IPX, if some know how to find IPX
EIGRP remote side AS number, I buy you a
beer. =:-)
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:39 GMT-3