Re: [44net] RIP broadcasts

1 Aug 2019

      Jack, the pseudo-RIP transmissions are inside IPIP encapsulated
packets from amprgw, 169.228.34.84.  They are addressed to the
standard RIP multicast address, 224.0.0.9 on port 520, and with
source address 44.0.0.1, port 520.
    - Brian
Here is a typical tcpdump capture of a pseudo-RIP packet:
09:06:36.972819 169.228.34.84 44.0.0.1.520 > 224.0.0.9.520: RIPv2,

AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4, AFI IPv4,

IP (tos 0x0, ttl 64, id 34359, offset 0, flags [none], proto IPIP (4), length 552) > 24.34.225.54: IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 532) Response, length: 504, routes: 25 or less Simple Text Authentication data: pLaInTeXtpAsSwD. 44.0.0.1/32, tag 0x0004, metric: 1, next-hop: 169.228.34.84 44.2.0.1/32, tag 0x0004, metric: 1, next-hop: 191.183.136.1 44.2.2.0/24, tag 0x0004, metric: 1, next-hop: 216.218.207.198 44.2.7.0/30, tag 0x0004, metric: 1, next-hop: 73.116.117.178 44.2.10.0/29, tag 0x0004, metric: 1, next-hop: 104.49.12.130 44.2.50.0/29, tag 0x0004, metric: 1, next-hop: 50.63.202.93 44.4.2.152/29, tag 0x0004, metric: 1, next-hop: 173.167.109.217 44.4.2.160/29, tag 0x0004, metric: 1, next-hop: 70.90.167.65 44.4.2.168/29, tag 0x0004, metric: 1, next-hop: 76.218.13.157 44.4.10.40/29, tag 0x0004, metric: 1, next-hop: 96.78.144.186 44.4.12.0/24, tag 0x0004, metric: 1, next-hop: 173.164.225.173 44.4.16.0/27, tag 0x0004, metric: 1, next-hop: 208.80.117.58 44.4.16.32/27, tag 0x0004, metric: 1, next-hop: 67.174.250.232 44.4.21.0/29, tag 0x0004, metric: 1, next-hop: 173.228.105.82 44.4.28.50/32, tag 0x0004, metric: 1, next-hop: 50.79.209.150 44.4.38.27/32, tag 0x0004, metric: 1, next-hop: 69.181.181.170 44.4.39.0/29, tag 0x0004, metric: 1, next-hop: 73.252.222.100 44.4.39.8/29, tag 0x0004, metric: 1, next-hop: 104.193.168.69 44.4.50.1/32, tag 0x0004, metric: 1, next-hop: 146.74.60.92 44.4.50.2/32, tag 0x0004, metric: 1, next-hop: 199.103.53.117 44.4.50.3/32, tag 0x0004, metric: 1, next-hop: 50.193.38.153 44.4.50.4/32, tag 0x0004, metric: 1, next-hop: 50.59.22.74 44.4.50.5/32, tag 0x0004, metric: 1, next-hop: 23.202.231.167 44.4.50.6/32, tag 0x0004, metric: 1, next-hop: 173.167.109.219
On Thu, Aug 01, 2019 at 08:51:05AM -0700, Jack Eifer via 44Net wrote:
...
I'm trying to monitor RIP broadcasts from ucsd using 'tcpdump'. Does 
anyone know what 44-ip address(s), port, or protocol  I should  source 
to monitor incoming broadcasts. Is it 44.0.0.1 ?
Thanks,
Jack AA6HF

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [44net] RIP broadcasts