From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Sat Jul 12 2003 - 03:07:43 GMT-3
Not really. RIP v2 is doing L2 multicast 01005E000009 which is mapped to L3
224.0.0.9
RIP v1 is doing L2 boadcast FFFFFFFFFFFF which is mapped to L3 broadcast
255.255.255.255 (not subnet broadcast)
Just took another PIX 501 with 6.3 - there evything OK there.
I guess it's bug. However pretty consistent ;)
> -----Original Message-----
> From: P729 [mailto:p729@cox.net]
> Sent: Saturday, July 12, 2003 1:43 AM
> To: Volkov, Dmitry (IDS Canada); security@groupstudy.com
> Cc: ccielab@groupstudy.com
> Subject: Re: PIX sending strange v1 RIP
>
>
> Interesting. I thought RIP did an IP subnet broadcast with a layer-2
> broadcast (all 1's). All multicast MAC addresses begin with
> 01005e with the
> remainder mapped from the IP address, so it looks like the
> PIX is indeed
> doing an IP subnet broadcast, but with the MAC set to a
> multicast address.
> Okay...
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
>
> ----- Original Message -----
> From: "Volkov, Dmitry (IDS Canada)" <dmitry_volkov@ca.ml.com>
> To: <security@groupstudy.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Friday, July 11, 2003 10:03 PM
> Subject: PIX sending strange v1 RIP
>
>
> PIX 515 v.6.2(1):
> rip inside passive version 1
> rip inside default version 1
>
> Did somebody see RIP v1 with Destination MAC 01005E7FFFFF ????
> Bug ?
>
>
> - - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - -
> - - - - - - -
> - - - - - -
> Frame Status Source Destination
> Bytes Rel Time
> Delta Time Abs time Summary
> --------------------------------------------------------------
> --------------
> --------------------------------------------------------------
> --------------
> -------------
> 1 M [170.70.50.17] [255.255.255.255]
> 66 0:00:00.000
> 0.000.000 07/12/2003 12:26:35 AM RIP: R Routing entries=1
> DLC: ----- DLC Header -----
> DLC:
> DLC: Frame 1 arrived at 23:26:35.2835; frame size is
> 66 (0042 hex)
> bytes.
> DLC: Destination = Multicast 01005E7FFFFF
> DLC: Source = Station Cisco 8FCA5D
> DLC: Ethertype = 0800 (IP)
> DLC:
> IP: ----- IP Header -----
> IP:
> IP: Version = 4, header length = 20 bytes
> IP: Type of service = 00
> IP: 000. .... = routine
> IP: ...0 .... = normal delay
> IP: .... 0... = normal throughput
> IP: .... .0.. = normal reliability
> IP: .... ..0. = ECT bit - transport protocol will
> ignore the CE
> bit
> IP: .... ...0 = CE bit - no congestion
> IP: Total length = 52 bytes
> IP: Identification = 9352
> IP: Flags = 0X
> IP: .0.. .... = may fragment
> IP: ..0. .... = last fragment
> IP: Fragment offset = 0 bytes
> IP: Time to live = 255 seconds/hops
> IP: Protocol = 17 (UDP)
> IP: Header checksum = BAD9 (correct)
> IP: Source address = [170.70.50.17]
> IP: Destination address = [255.255.255.255]
> IP: No options
> IP:
> UDP: ----- UDP Header -----
> UDP:
> UDP: Source port = 520 (Route)
> UDP: Destination port = 520 (Route)
> UDP: Length = 32
> UDP: Checksum = 1D43 (correct)
> UDP: [24 byte(s) of data]
> UDP:
> RIP: ----- RIP Header -----
> RIP:
> RIP: Command = 2 (Response)
> RIP: Version = 1
> RIP: Unused = 0
> RIP:
> RIP: Routing data frame 1
> RIP: Address family identifier = 2 (IP)
> RIP: IP Address = [0.0.0.0] (Default route)
> RIP: Metric = 1
> RIP:
>
>
> ______________________________________________________________
> _________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:37 GMT-3