Jack, the pseudo-RIP transmissions are inside IPIP encapsulated
packets from amprgw, 169.228.34.84. They are addressed to the
standard RIP multicast address, 224.0.0.9 on port 520, and with
source address 44.0.0.1, port 520.
- Brian
Here is a typical tcpdump capture of a pseudo-RIP packet:
09:06:36.972819 IP (tos 0x0, ttl 64, id 34359, offset 0, flags [none], proto IPIP (4),
length 552)
169.228.34.84 > 24.34.225.54: IP (tos 0x0, ttl 255, id 0, offset 0, flags [none],
proto UDP (17), length 532)
44.0.0.1.520 > 224.0.0.9.520:
RIPv2, Response, length: 504, routes: 25 or less
Simple Text Authentication data: pLaInTeXtpAsSwD.
AFI IPv4, 44.0.0.1/32, tag 0x0004, metric: 1, next-hop: 169.228.34.84
AFI IPv4, 44.2.0.1/32, tag 0x0004, metric: 1, next-hop: 191.183.136.1
AFI IPv4, 44.2.2.0/24, tag 0x0004, metric: 1, next-hop: 216.218.207.198
AFI IPv4, 44.2.7.0/30, tag 0x0004, metric: 1, next-hop: 73.116.117.178
AFI IPv4, 44.2.10.0/29, tag 0x0004, metric: 1, next-hop: 104.49.12.130
AFI IPv4, 44.2.50.0/29, tag 0x0004, metric: 1, next-hop: 50.63.202.93
AFI IPv4, 44.4.2.152/29, tag 0x0004, metric: 1, next-hop: 173.167.109.217
AFI IPv4, 44.4.2.160/29, tag 0x0004, metric: 1, next-hop: 70.90.167.65
AFI IPv4, 44.4.2.168/29, tag 0x0004, metric: 1, next-hop: 76.218.13.157
AFI IPv4, 44.4.10.40/29, tag 0x0004, metric: 1, next-hop: 96.78.144.186
AFI IPv4, 44.4.12.0/24, tag 0x0004, metric: 1, next-hop: 173.164.225.173
AFI IPv4, 44.4.16.0/27, tag 0x0004, metric: 1, next-hop: 208.80.117.58
AFI IPv4, 44.4.16.32/27, tag 0x0004, metric: 1, next-hop: 67.174.250.232
AFI IPv4, 44.4.21.0/29, tag 0x0004, metric: 1, next-hop: 173.228.105.82
AFI IPv4, 44.4.28.50/32, tag 0x0004, metric: 1, next-hop: 50.79.209.150
AFI IPv4, 44.4.38.27/32, tag 0x0004, metric: 1, next-hop: 69.181.181.170
AFI IPv4, 44.4.39.0/29, tag 0x0004, metric: 1, next-hop: 73.252.222.100
AFI IPv4, 44.4.39.8/29, tag 0x0004, metric: 1, next-hop: 104.193.168.69
AFI IPv4, 44.4.50.1/32, tag 0x0004, metric: 1, next-hop: 146.74.60.92
AFI IPv4, 44.4.50.2/32, tag 0x0004, metric: 1, next-hop: 199.103.53.117
AFI IPv4, 44.4.50.3/32, tag 0x0004, metric: 1, next-hop: 50.193.38.153
AFI IPv4, 44.4.50.4/32, tag 0x0004, metric: 1, next-hop: 50.59.22.74
AFI IPv4, 44.4.50.5/32, tag 0x0004, metric: 1, next-hop: 23.202.231.167
AFI IPv4, 44.4.50.6/32, tag 0x0004, metric: 1, next-hop: 173.167.109.219
On Thu, Aug 01, 2019 at 08:51:05AM -0700, Jack Eifer via 44Net wrote:
I'm trying to monitor RIP broadcasts from ucsd
using 'tcpdump'. Does
anyone know what 44-ip address(s), port, or protocol I should source
to monitor incoming broadcasts. Is it 44.0.0.1 ?
Thanks,
Jack AA6HF