RIP Protocol Analysis: Examining Routing Messages and Behavior


Introduction to RIP Protocol Analysis

Let’s dive into RIP protocol analysis to understand how the protocol functions in routing and network communication.

In our RIP protocol analysis, we use a "long snake" topology, with the routers chained one after another in a line. It is a common setup for studying routing principles and message exchanges.

In this RIP protocol analysis scenario, routers R1, R2, and R3 are directly connected, allowing for an in-depth examination of routing message interactions.

RIP Protocol Analysis

After building the following topology environment, we start configuring the RIP protocol and, at the same time, set up packet capture on the link between R1 and R2.

First shut down F0/0 of R2. (Because GNS implements interface bridging between virtual devices on the loopback port, there is a bug that when one end of a link is down, the other end of the interface is not aware of it and is still in the up state.)

R1(config)#router rip         
R1(config-router)#no auto-summary
R1(config-router)#version 2
R1(config-router)#net 111.111.111.111
R1(config-router)#net 12.12.12.0

Then we captured two packets in Wireshark.

In RIP protocol analysis, it is observed that once a router’s interface is announced, it quickly sends a route request to neighboring devices while simultaneously sharing its routing table.

RIP protocol analysis reveals two primary message types: the response message, which provides routing details, and the request message, which seeks updates from neighboring routers.

There should be one message for sending routing and one for requesting routing.

Let’s first look at the message that sends the route.

Message type 2 ( response message )

Content is: prefix, mask, next hop, cost value. There’s nothing wrong.

The network segment 111.111.111.111/32 is right next to me, just one link away. Hand me any packet for 111.111.111.111 and I can pass it on immediately. 100% reliable.

Next we look at the request message.

The message structure is the same as the response message.

The message code type is 1, which is a request.

The structure of what follows is the same as in the response.

Address not specified: obviously, this field is not filled with anything.

The mask is 0.0.0.0

The cost value is 16

The cost value is 16 !!!!!!!!

We all know that the maximum hop count of a RIP route is 15 hops; if a route exceeds this limit, the destination is unreachable.

From the perspective of the content of this message, it means that it takes 16 hops for R1 to reach any unknown network segment, which means it is unreachable.

To translate it further, my R1 can’t go anywhere, so you can do whatever you want, brother.

What is the purpose of dynamic routing protocols? Isn’t it to share routes?

Isn’t the purpose of router brothers joining the organization to share routes and help each other to complete the data packet forwarding business?

Everyone for me, and I for everyone.

When router R2 receives R1’s desperate distress message saying that it can’t go anywhere, it naturally has no choice but to check its own routing table to see where it can go, and then tells R1 this information, along with a quote for paid services.

The above is the process of requesting routing from neighbors when RIP starts.

The content of the two messages, Response and Request, is the same except for the code type field.

There is absolutely no message packet specifically designed to request a complete routing table from a neighbor.

Instead, the request reuses the Response structure with the IP and mask fields left blank and the cost set to 16 hops, which tells the RIP neighbor device: I want your routing table.

Next, we explore the route withdrawal message.

We first shut down the lo0 interface of R1 directly to simulate R1 losing the route 111.111.111.111.

R1(config)#int lo0
R1(config-if)#shutdown

Then we continue capturing packets.

The normal logic should be that R1 sends two messages to its neighbors: one to tell them that the route through itself has failed, and a query asking them about 111.111.111.111, “Do you have a way?”

I continued to capture a bunch of messages, and it seemed that there was no summary information related to revocation and query.

Continue to look at the details.

R1 sends a notification message to R2, telling R2 that it needs 16 hops to go to 111, which means that it is too far away from 111 and cannot go there. You can handle it yourself.

It seems to be the same as the previous routine of requesting the routing table. Now it just becomes a clear destination address.

After receiving this message, R2 looked back at its routing table. Damn, didn’t you tell me to go to 111 and find you for a delivery fee? You lied to me. I will remember not to send the data packets to 111 to you, R1. I will ask R3 about this matter and see if he can handle it by going to 111. However, I promised R3 that he could find me if he wanted to go to 111. So I just followed the liar R1 and sent a notice to R3 that it would take 16 hops to go to 111. Let him experience it himself. Anyway, that’s what R1 told him.

After receiving the message, R3 yelled “Fuck you!” and found that there was no place to look for it anymore, so he returned the message. He told R2 to figure it out on his own. R2 saw that he had no idea, so he turned back and told R1 that it would take 16 hops to get to 111.
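The three message shapes seen in the capture above (the startup request for the whole table, the route advertisement, and the metric-16 withdrawal), decoded in an added Python example that is not part of the original post. The packets are constructed samples, the advertised metric of 1 is an assumption, the address-family value 0 in the whole-table request follows RFC 2453, and `parse_rip`, `classify` and `build` are hypothetical names.

```python
import ipaddress
import struct

INFINITY = 16                      # RIP metric meaning "unreachable"
COMMANDS = {1: "request", 2: "response"}
ENTRY = "!HH4s4s4sI"               # AFI, route tag, prefix, mask, next hop, metric

def parse_rip(payload: bytes):
    """Split a RIPv2 UDP payload into (command, version, list of entries)."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("truncated or misaligned RIP message")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    entries = []
    for off in range(4, len(payload), 20):
        afi, _tag, prefix, mask, nhop, metric = struct.unpack(ENTRY, payload[off:off + 20])
        entries.append({"afi": afi, "metric": metric,
                        "prefix": str(ipaddress.IPv4Address(prefix)),
                        "mask": str(ipaddress.IPv4Address(mask)),
                        "next_hop": str(ipaddress.IPv4Address(nhop))})
    return command, version, entries

def classify(payload: bytes):
    command, _version, entries = parse_rip(payload)
    kind = COMMANDS.get(command, f"unknown({command})")
    # A request with exactly one entry, AFI 0 and metric 16 asks for the whole table.
    if command == 1 and [(e["afi"], e["metric"]) for e in entries] == [(0, INFINITY)]:
        return ["request: whole routing table"]
    lines = []
    for e in entries:
        state = "unreachable" if e["metric"] >= INFINITY else f"{e['metric']} hop(s)"
        lines.append(f"{kind}: {e['prefix']} mask {e['mask']} -> {state}")
    return lines

def build(command, entries):
    """Build a constructed RIPv2 message from (afi, prefix, mask, metric) tuples."""
    msg = struct.pack("!BBH", command, 2, 0)
    for afi, prefix, mask, metric in entries:
        msg += struct.pack(ENTRY, afi, 0, ipaddress.IPv4Address(prefix).packed,
                           ipaddress.IPv4Address(mask).packed, bytes(4), metric)
    return msg

# Constructed samples mirroring the capture: startup request, advertisement, withdrawal.
STARTUP_REQUEST = build(1, [(0, "0.0.0.0", "0.0.0.0", 16)])
ADVERTISEMENT = build(2, [(2, "111.111.111.111", "255.255.255.255", 1)])  # metric 1 assumed
WITHDRAWAL = build(2, [(2, "111.111.111.111", "255.255.255.255", 16)])

if __name__ == "__main__":
    for sample in (STARTUP_REQUEST, ADVERTISEMENT, WITHDRAWAL):
        print(classify(sample))
```

The request and the withdrawal differ only in the command byte, the address family and whether a prefix is filled in; the metric of 16 carries the meaning in both.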

The last page is the summary

The RIP protocol does not develop and design communication messages specifically for the following requirements:

Request the entire routing table from the neighbor.

Notify the neighbor to withdraw the route it has advertised to it.

Query the neighbor for the specified routing information.

Notify neighbors that I do not have the route you requested.

Instead, it cleverly uses the regular routing advertisement message structure combined with an unreachable cost value (16) to form a sentence:

That place is too far and requires 16 hops. It’s up to you whether you want to give me the packets headed for that place.

Everyone shared the routing information by cheating on each other.

The advanced distance-vector routing protocol EIGRP is similar. Its query message for a specified route and its final response message for an unreachable destination both use the same cheating mechanism: they do not clearly tell you what the sender wants, and you decide for yourself.

The following is the query message of EIGRP (I will not put the response message)

4294967295/256*10 = 167,772,159.96 microseconds. 1 second is equal to 10^6 microseconds, so that is 167.7 seconds.

The speed of light is 300,000 km/s, and 300,000 × 167 = 50.1 million kilometers. Haha, the closest distance between the Earth and Mars is 55.65 million kilometers. Brother, the destination you want to go to is probably on Mars.
