This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I capture RIP packets in Wireshark for Linux (Debian 8.2.0)?

I am running Wireshark and have configured it so that non-superusers can capture packets. I also capture on all interfaces in "Promiscuous Mode." I followed the instructions below to configure Wireshark:

I have installed Quagga and have configured both zebra and ripd according to instructions in the two links below:

I have checked the process list using "ps -ef | grep quagga" in the Linux Terminal, and it shows that Quagga is running and both zebra and ripd are running when my computer starts up. Therefore, I know that I should be seeing RIP packets sent over the network about every 30 seconds. No matter how long I leave Wireshark running, it does not capture any RIP packets.

I have considered that the issue may be with my Quagga configuration, so if anyone can also speak to that here, I appreciate any and all advice. Thank you.

asked 17 Mar '16, 06:49

NetworkAnalyzer

edited 19 Mar '16, 08:48

Do you use any capture filter? If yes, what one? Can you see other than RIP packets?

(17 Mar '16, 08:25) sindy

No, I am not using any capture filters. I am seeing many other packets, especially when I use ping. But I never see any RIP packets.

(17 Mar '16, 09:03) NetworkAnalyzer

OK, in that case it is not a Wireshark question any more and the packets are really not there, unless you have by miracle disabled the RIP dissector and thus the RIP packets are shown as plain UDP ones in the packet list pane.

(17 Mar '16, 09:14) sindy

Thank you. I will double check the status of the RIP dissector, and will seek some additional advice on how Quagga/zebra/ripd is configured. I ask because I am setting up a Linux computer as a router, and I need to examine some RIP packets.

(17 Mar '16, 09:41) NetworkAnalyzer

Somewhere in the chain of the comments to your two quagga-related links I've seen that it won't work without configuring at least an IP address using quagga's command line (as if quagga wouldn't inherit anything from the system); that might be the issue.

(17 Mar '16, 09:45) sindy

Hmm, I see. I just did a search on setting the IP address in Quagga, and came across this website: http://openmaniak.com/quagga_tutorial.php

It seems to be a good guide to setting up Quagga, so I will try out what it says later and report back here for the sake of anyone else reading this post.

(17 Mar '16, 09:54) NetworkAnalyzer

One Answer:

Along with the websites and information posted in my question above, I discovered two things that enabled me to capture RIP packets in Wireshark on Linux Debian 8.2.0.

1) My Linux workstation did not have IPv4 Forwarding enabled. A quick search on how to enable IPv4 Forwarding fixed that issue.

2) The .conf file for ripd needed to be filled in, not just left empty as one website suggested. I simply had to enter network information into the ripd.conf file and store that file in "/etc/quagga." The information in the ripd.conf file looks like:

  ! network statements go under the "router rip" node; keywords are lowercase
  router rip
   network 199.234.24.0/24
   network 199.234.25.0/24
   network eth0
   network eth1

In other words, I had to specify the networks that ripd would be working on.

Thanks to sindy for the advice as I sought an answer to this problem.

answered 18 Mar '16, 11:03

NetworkAnalyzer

edited 19 Mar '16, 08:49
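
A pre-flight check for the two conditions described in the answer above (IPv4 forwarding enabled, and network statements present in ripd.conf), as an added example that is not part of the original post. The function names are hypothetical, and the check assumes Quagga's usual layout in which `network` lines sit inside a `router rip` block.

```shell
#!/bin/sh
# Added example: pre-flight check before looking for RIP updates in a capture.
# Function names are hypothetical; file paths can be overridden for testing.

# Succeeds if the kernel's IPv4 forwarding switch reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Prints how many "network <prefix|ifname>" lines sit inside "router rip".
rip_network_count() {
    awk '
        /^[ \t]*!/            { next }               # comment line
        /^router rip[ \t]*$/  { in_rip = 1; next }   # block starts
        /^[^ \t]/             { in_rip = 0 }         # other top-level line ends it
        in_rip && $1 == "network" && NF == 2 { n++ }
        END { print n + 0 }
    ' "${1:-/etc/quagga/ripd.conf}" 2>/dev/null
}

# Reports both conditions; returns non-zero if either one is missing.
rip_preflight() {
    fwd_file=${1:-/proc/sys/net/ipv4/ip_forward}
    conf=${2:-/etc/quagga/ripd.conf}
    rc=0
    if forwarding_enabled "$fwd_file"; then
        echo "ok:   IPv4 forwarding is enabled"
    else
        echo "FAIL: IPv4 forwarding is disabled ($fwd_file)"
        rc=1
    fi
    n=$(rip_network_count "$conf") || n=0
    if [ "${n:-0}" -gt 0 ]; then
        echo "ok:   $n network statement(s) under router rip"
    else
        echo "FAIL: no network statements under router rip in $conf"
        rc=1
    fi
    return "$rc"
}

# Usage on the router itself: rip_preflight
```

Once both checks pass, the capture filter `udp port 520` (the RIP port) narrows a capture to the routing updates.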