RE: IP Protocol 89?
>--- "Buri, Heather H" <[EMAIL PROTECTED]> wrote: >> Chris, >> >> I believe all the routing protocols have their own unique port >> identifiers. > >Close. IP routing protocols *may* use layer 4 sockets for data. But for >identification is the IP protocol type. Don't even restrict it to IP protocol type: BGP runs over TCP RIP runs over UDP OSPF, IGRP, and EIGRP run directly over IP IS-IS runs directly over data link. There's no question that there are policies that restrict, in particular, ICMP or UDP, so that's a common application of protocol numbers. In access-list statements, TCP, UDP, ICMP, etc., are macros for the protocol type number, just as telnet, http, etc., are macros for port numbers. Before filtering routing protocol packets, especially with access lists that operate on protocol type rather than distribute lists or route maps, know exactly what you are doing -- in particular, when working with OSPF. Link state protocols, as implemented today, generally need to flood in an area, and filtering them may break the routing system. > >> I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all >> of >> the routing protocols in some detail. RIP uses port 520, IGRP/EIGRP use >> protocol 9. Doyle does give examples of packet captures on each of the >> different protocols and the port/protocol does indeed show up in the >> routing >> protocol packet header. Overall, I am finding this an extremely good >> book. >> I can see now why so many recommend it. >> >> I don't have a lot of experience manipulating the routing protocols in >> such >> a way as you mention below but I don't see why it could not be done >> based on >> the fact that they do use known port/protocol id's. >> >> Someone else may be able to shed some additional light on this for you. >> > > Heather Buri >> > > > In trying to understand OSPF in much more detail, I am reading RFC 2328. >> Several times Mr. Moy refers to OSPF as " IP Protocol 89". John is a mathematician by background. Figures. :-) >I checked the >> "RFC/Port Number" page that I reference often >> (http://www.networksorcery.com/enp/default0301.htm) and found that >> indeed >> OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked >> with >> TCP/UDP port numbers, but this is the first time I've paid attention to >> the >> fact that the protocols themselves have numbers too. This is >> interesting. > >read RFC 1700 > >IP header has an 8 bit protocol type field > > >> Should I look at 89 as a number that can be manipulated as I would 23 >> (telnet) or 69 (tftp)? Can someone explain where these numbers are used? > >Define manipulate? > >> Are > > they found in headers? As networkers, are we concerned with these >> numbers? >> Does anyone commonly filter based on a protocol's number? Or is getting >> this > > granular an exercise in futility for a network engineer? I suppose it depends how granular the problem is. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP Protocol 89?
Joe, I just bought the CCIE StudyGuide by Roosevelt Giles.. Excellent book with some dumb mistakes but still an excellent book. It includes a CD with the book that has all kinds of goodies, including sniffer traces for everything in OSPF you could ever want... He put the traces in PDF format.. I'd send them to you but I think that would be a copyright no no. The book was only $40 something and well worth it.. Cory -Original Message- From: Joe Dewberry [mailto:[EMAIL PROTECTED]] Sent: Friday, February 23, 2001 12:25 PM To: [EMAIL PROTECTED] Subject: Re: IP Protocol 89? Heydoes anybody have a net xray .cap file they could post to the group? All of the networks I have seen have NO OSPF! I'd like a chance to run it thru a sniffer and see the traffic patterns, decodes etc ""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > In trying to understand OSPF in much more detail, I am reading RFC 2328. > Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the > "RFC/Port Number" page that I reference often > (http://www.networksorcery.com/enp/default0301.htm) and found that indeed > OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with > TCP/UDP port numbers, but this is the first time I've paid attention to the > fact that the protocols themselves have numbers too. This is interesting. > > Should I look at 89 as a number that can be manipulated as I would 23 > (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are > they found in headers? As networkers, are we concerned with these numbers? > Does anyone commonly filter based on a protocol's number? Or is getting this > granular an exercise in futility for a network engineer? > > Thanks, > Chris > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Protocol 89?
Heydoes anybody have a net xray .cap file they could post to the group? All of the networks I have seen have NO OSPF! I'd like a chance to run it thru a sniffer and see the traffic patterns, decodes etc ""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > In trying to understand OSPF in much more detail, I am reading RFC 2328. > Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the > "RFC/Port Number" page that I reference often > (http://www.networksorcery.com/enp/default0301.htm) and found that indeed > OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with > TCP/UDP port numbers, but this is the first time I've paid attention to the > fact that the protocols themselves have numbers too. This is interesting. > > Should I look at 89 as a number that can be manipulated as I would 23 > (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are > they found in headers? As networkers, are we concerned with these numbers? > Does anyone commonly filter based on a protocol's number? Or is getting this > granular an exercise in futility for a network engineer? > > Thanks, > Chris > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP Protocol 89?
--- "Buri, Heather H" <[EMAIL PROTECTED]> wrote: > Chris, > > I believe all the routing protocols have their own unique port > identifiers. Close. IP routing protocols *may* use layer 4 sockets for data. But for identification is the IP protocol type. > I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all > of > the routing protocols in some detail. RIP uses port 520, IGRP/EIGRP use > protocol 9. Doyle does give examples of packet captures on each of the > different protocols and the port/protocol does indeed show up in the > routing > protocol packet header. Overall, I am finding this an extremely good > book. > I can see now why so many recommend it. > > I don't have a lot of experience manipulating the routing protocols in > such > a way as you mention below but I don't see why it could not be done > based on > the fact that they do use known port/protocol id's. > > Someone else may be able to shed some additional light on this for you. > > Heather Buri > > -Original Message- > From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 23, 2001 9:38 AM > To: '[EMAIL PROTECTED]' > Subject: IP Protocol 89? > > > In trying to understand OSPF in much more detail, I am reading RFC 2328. > Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the > "RFC/Port Number" page that I reference often > (http://www.networksorcery.com/enp/default0301.htm) and found that > indeed > OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked > with > TCP/UDP port numbers, but this is the first time I've paid attention to > the > fact that the protocols themselves have numbers too. This is > interesting. read RFC 1700 IP header has an 8 bit protocol type field > Should I look at 89 as a number that can be manipulated as I would 23 > (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Define manipulate? > Are > they found in headers? As networkers, are we concerned with these > numbers? > Does anyone commonly filter based on a protocol's number? Or is getting > this > granular an exercise in futility for a network engineer? > access-list 101 permit ospf any any where "ospf" is the IP type is one example. HTH. __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP Protocol 89?
Chris, I believe all the routing protocols have their own unique port identifiers. I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all of the routing protocols in some detail. RIP uses port 520, IGRP/EIGRP use protocol 9. Doyle does give examples of packet captures on each of the different protocols and the port/protocol does indeed show up in the routing protocol packet header. Overall, I am finding this an extremely good book. I can see now why so many recommend it. I don't have a lot of experience manipulating the routing protocols in such a way as you mention below but I don't see why it could not be done based on the fact that they do use known port/protocol id's. Someone else may be able to shed some additional light on this for you. Heather Buri -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Friday, February 23, 2001 9:38 AM To: '[EMAIL PROTECTED]' Subject: IP Protocol 89? In trying to understand OSPF in much more detail, I am reading RFC 2328. Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the "RFC/Port Number" page that I reference often (http://www.networksorcery.com/enp/default0301.htm) and found that indeed OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with TCP/UDP port numbers, but this is the first time I've paid attention to the fact that the protocols themselves have numbers too. This is interesting. Should I look at 89 as a number that can be manipulated as I would 23 (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are they found in headers? As networkers, are we concerned with these numbers? Does anyone commonly filter based on a protocol's number? Or is getting this granular an exercise in futility for a network engineer? Thanks, Chris _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Protocol 89?
See comments inline. - Original Message - From: Kane, Christopher A. To: '[EMAIL PROTECTED]' Sent: Friday, February 23, 2001 10:38 AM Subject: IP Protocol 89? >In trying to understand OSPF in much more detail, I am reading RFC 2328. >Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the >"RFC/Port Number" page that I reference often >(http://www.networksorcery.com/enp/default0301.htm) and found that indeed >OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with >TCP/UDP port numbers, but this is the first time I've paid attention to the >fact that the protocols themselves have numbers too. This is interesting. >Should I look at 89 as a number that can be manipulated as I would 23 >(telnet) or 69 (tftp)? Sure. You can filter on them, let them through, whatever. However, keep reading. >Can someone explain where these numbers are used? Are >they found in headers? Yep. Consider the frame as it goes up the stack. The type field says "0800," so it gets handed up to IP. IP has its own protocol field - it will *typically* be 6 or 17 (TCP or UDP respectfully, I think), and will be handed up to TCP or UDP accordingly. From there, the port number will be looked at - and will be 23 for Telnet, 69 for TFTP, as you mentioned. In the case of OSPF, the IP protocol number is 89 - neither TCP (6) nor UDP (17), but rather OSPF. It's sometimes referred to as "its own Layer 4 protocol." >As networkers, are we concerned with these numbers? Absolutely. >Does anyone commonly filter based on a protocol's number? Sure. Imagine you want to filter everything except for OSPF traffic. You'd have to have a permit statement which allows IP protocol 89 - it wouldn't be accurate to allow TCP or UDP port number 89 - that'd be something different (and I'm too lazy to look up what it would be, if it even exists ;-). >Or is getting this >granular an exercise in futility for a network engineer? You know, that's something I struggle with a lot. Does it really matter to me how many bytes PPP multilink adds to a frame as it goes across a serial link? Maybe someone else has a better answer, but in my experience it hasn't mattered. But in this case, it will matter *if* you're running OSPF and *if* you're doing a lot of heavy filtering. >Thanks, >Chris More than welcome. :-) Bradley J. Wilson CCNP as of Monday, CCDP as of this morning, NNCSS, MCSE, CNX, MCT, CTT _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Protocol 89?
Chris, Someone else can probably do a more detailed job with this than I can but... OSPF doesn't use TCP or UDP to transmit data. It is its own protocol, therefore has a unique protocol #. TCP and UDP also have protocol #s, as does ICMP (again ICMP does not use either TCP nor UDP) -- Neil Schneider MCT MCSE CCSI CCNP ""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > In trying to understand OSPF in much more detail, I am reading RFC 2328. > Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the > "RFC/Port Number" page that I reference often > (http://www.networksorcery.com/enp/default0301.htm) and found that indeed > OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with > TCP/UDP port numbers, but this is the first time I've paid attention to the > fact that the protocols themselves have numbers too. This is interesting. > > Should I look at 89 as a number that can be manipulated as I would 23 > (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are > they found in headers? As networkers, are we concerned with these numbers? > Does anyone commonly filter based on a protocol's number? Or is getting this > granular an exercise in futility for a network engineer? > > Thanks, > Chris > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP Protocol 89?
In trying to understand OSPF in much more detail, I am reading RFC 2328. Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the "RFC/Port Number" page that I reference often (http://www.networksorcery.com/enp/default0301.htm) and found that indeed OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked with TCP/UDP port numbers, but this is the first time I've paid attention to the fact that the protocols themselves have numbers too. This is interesting. Should I look at 89 as a number that can be manipulated as I would 23 (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Are they found in headers? As networkers, are we concerned with these numbers? Does anyone commonly filter based on a protocol's number? Or is getting this granular an exercise in futility for a network engineer? Thanks, Chris _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
