How to capture OSPF traffic using tcpdump
Googled around for a while. Don’t want to waste my time, or anybody’s time any more. Below is how:
OSPFv2 (which is over IPv4):
# tcpdump -i eth1 -n "ip[9] == 89"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
22:59:23.541834 IP 192.168.10.1 > 224.0.0.5: OSPFv2, Hello, length 48
22:59:26.316251 IP 192.168.110.1 > 224.0.0.5: OSPFv2, Hello, length 44
22:59:28.118480 IP 192.168.10.2 > 224.0.0.5: OSPFv2, Hello, length 48
22:59:33.542223 IP 192.168.10.1 > 224.0.0.5: OSPFv2, Hello, length 48
OSPFv3 (which is over IPv6):
# tcpdump -i eth1 -n ip6 proto 0x59
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
23:13:48.159520 IP6 fe80::250:56ff:fe99:5450 > ff02::5: OSPFv3, Hello, length 40
23:13:48.159748 IP6 fe80::250:56ff:fe99:4a5f > ff02::5: OSPFv3, Hello, length 40
23:13:54.058521 IP6 fe80::250:56ff:fe99:5450 > ff02::5: OSPFv3, LS-Update, length 64
23:13:54.078248 IP6 fe80::250:56ff:fe99:5450 > ff02::5: OSPFv3, LS-Update, length 64
23:13:54.080321 IP6 fe80::250:56ff:fe99:5450 > ff02::5: OSPFv3, LS-Update, length 64
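What the two filters test at the byte level, as an added example (not part of the original post): `ip[9]` is the IPv4 Protocol byte and `ip6 proto 0x59` compares the Next Header byte of the fixed IPv6 header, both against 89 (0x59). The pcap-filter documentation notes that `ip6 proto` does not chase the header chain while `ip6 protochain` does, so OSPFv3 carried behind an IPsec Authentication Header (Next Header 51) is missed by the simple filter; the third frame shows that case. The frames and helper names below are constructed for illustration.

```python
import struct

OSPF = 89  # IP protocol number for OSPF (0x59), the value both filters compare against
TYPES = {1: "Hello", 2: "DB-Desc", 3: "LS-Request", 4: "LS-Update", 5: "LS-Ack"}
EXT8 = {0, 43, 60}  # hop-by-hop, routing, destination options: length in 8-byte units
AH = 51             # IPsec Authentication Header: length in 4-byte units, minus 2

def classify(frame):
    """Return (ospf_version, type_name, seen_by_simple_filter) or None."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt = frame[14:]
    if ethertype == 0x0800:                    # IPv4
        if pkt[9] != OSPF:                     # the byte "ip[9] == 89" tests
            return None
        off, simple = (pkt[0] & 0x0F) * 4, True
    elif ethertype == 0x86DD:                  # IPv6
        nxt, off = pkt[6], 40                  # Next Header byte, fixed header size
        simple = nxt == OSPF                   # the byte "ip6 proto 0x59" compares
        while nxt in EXT8 or nxt == AH:        # walk the chain like "ip6 protochain"
            size = (pkt[off + 1] + 2) * 4 if nxt == AH else (pkt[off + 1] + 1) * 8
            nxt, off = pkt[off], off + size
        if nxt != OSPF:
            return None
    else:
        return None
    return pkt[off], TYPES.get(pkt[off + 1], "unknown"), simple

# --- constructed sample frames (not captured traffic) ---
def eth(ethertype, payload):
    return bytes.fromhex("01005e000005005056995450") + struct.pack("!H", ethertype) + payload

def ospf_stub(version, ptype):
    return bytes([version, ptype]) + bytes(14)  # version, type, zero padding

def ipv4(proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                      bytes([192, 168, 10, 1]), bytes([224, 0, 0, 5]))
    return eth(0x0800, hdr + payload)

def ipv6(nxt, payload):
    hdr = struct.pack("!IHBB", 0x60000000, len(payload), nxt, 1) + bytes(32)
    return eth(0x86DD, hdr + payload)

V2_HELLO = ipv4(OSPF, ospf_stub(2, 1))
V3_UPDATE = ipv6(OSPF, ospf_stub(3, 4))
V3_AH_HELLO = ipv6(AH, bytes([OSPF, 4]) + bytes(22) + ospf_stub(3, 1))  # 24-byte AH
if __name__ == "__main__":
    for name, f in [("v2", V2_HELLO), ("v3", V3_UPDATE), ("v3+AH", V3_AH_HELLO)]:
        print(name, classify(f))
```

If an expected OSPFv3 neighbor never shows up in the capture, check whether the link uses IPsec before concluding the router is silent; with ESP the inner protocol is not visible to either filter.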