Tutorial: Open Shortest Path First (OSPF)

ospDecode

Open Shortest Path First (OSPF) is an interior routing protocol based on Dijkstra’s algorithm. The plugin produces besides flow and packet information also three extra summary files for version2 (ipv4) and version3 (ipv6). These summary files allow the reconstruction of the network under investigation.

Preparation

Before we start we need to prepare T2. If you did not complete the tutorials before just follow the procedure described below.

First I recommend to set T2 into a pristine state by removing all unnecessary or older plugins from the plugin folder ~/.tranalyzer/plugins. Just as a precaution if you have some old plugins or files there. If you like to keep them, please copy them away.

$ t2build -e
Are you sure you want to empty the plugin folder '/home/wurst/.tranalyzer/plugins' (y/N)? y
Plugin folder emptied
$
$ t2build tranalyzer2 basicFlow ospfDecode txtSink
...
BUILD SUCCESSFUL

$

If you did not create a separate data and results directory yet, please do it now in another cmd window, that facilitates your workflow:

$ mkdir ~/data ~/results
$

Download the sample pcaps for version 2 and version 2&3 into your /data folder:

and you’re all set. The latter is provided with the courtesy of openfactory GmbH. So thanx from the Anteater.

OSPF flow config

The configuration of ospfDecode allows you to define the representation of IPs, ospf types in all files, or activate certain output. Let’s have a look.

$ ospfDecode
$ vi src/ospfDecode.h

The first three switches control the output of hello, database and message global files. If you switch them off, none will be generated.

These files contain vital information to reverse engineer the network and its operation. If you are only interesed in flow files, switch them off by setting the constants to 0.

The next three control the format of MASK, AREA and LSID numbers inf the said three files. The default is set to a standard representation. The lstype can be represented as integer or string.

Last, the number of neighbour and type output in the flow file can be configured.

You may reconfigure that with t2conf or just edit the file. We leave it at the default value for this tutorial as we like to show all capabillities of the plugin.

Now run t2 on the pcap using the -s packet option.

$ t2 -r ~/data/ospfV2Multi.pcap -w ~/results/ -s
================================================================================
Tranalyzer 0.8.9 (Anteater), Tarantula. PID: 11485
================================================================================
[INF] Creating flows for L2, IPv4, IPv6
Active plugins:
    01: basicFlow, 0.8.9
    02: ospfDecode, 0.8.9
    03: txtSink, 0.8.9
[INF] IPv4 Ver: 5, Rev: 16122020, Range Mode: 0, subnet ranges loaded: 406027 (406.03 K)
[INF] IPv6 Ver: 5, Rev: 17122020, Range Mode: 0, subnet ranges loaded: 50973 (50.97 K)
Processing file: /home/wurst/data/ospfV2Multi.pcap
Link layer type: Ethernet [EN10MB/1]
Dump start: 1191184656.892601 sec (Sun 30 Sep 2007 20:37:36 GMT)
Dump stop : 1191185276.940664 sec (Sun 30 Sep 2007 20:47:56 GMT)
Total dump duration: 620.048063 sec (10m 20s)
Finished processing. Elapsed time: 0.014909 sec
Finished unloading flow memory. Time: 0.015115 sec
Percentage completed: 100.00%
Number of processed packets: 643
Number of processed bytes: 61014 (61.01 K)
Number of raw bytes: 61014 (61.01 K)
Number of pcap bytes: 71326 (71.33 K)
Number of IPv4 packets: 643 [100.00%]
Number of A packets: 624 [97.05%]
Number of B packets: 19 [2.95%]
Number of A bytes: 59108 (59.11 K) [96.88%]
Number of B bytes: 1906 (1.91 K) [3.12%]
Average A packet load: 94.72
Average B packet load: 100.32
--------------------------------------------------------------------------------
ospfDecode: Aggregated ospfStat: 0x01
ospfDecode: Aggregated ospfType: v2=0x3e, v3=0x00
ospfDecode: Number of OSPFv2 packets: 643 [100.00%]
--------------------------------------------------------------------------------
Headers count: min: 3, max: 3, average: 3.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number of processed   flows: 17
Number of processed A flows: 13 [76.47%]
Number of processed B flows: 4 [23.53%]
Number of request     flows: 13 [76.47%]
Number of reply       flows: 4 [23.53%]
Total   A/B    flow asymmetry: 0.53
Total req/rply flow asymmetry: 0.53
Number of processed   packets/flows: 37.82
Number of processed A packets/flows: 48.00
Number of processed B packets/flows: 4.75
Number of processed total packets/s: 1.04
Number of processed A+B   packets/s: 1.04
Number of processed A     packets/s: 1.01
Number of processed   B   packets/s: 0.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number of average processed flows/s: 0.03
Average full raw bandwidth: 787 b/s
Average full bandwidth : 787 b/s
Max number of flows in memory: 17 [0.01%]
Memory usage: 0.01 GB [0.02%]
Aggregate flow status: 0x0400000000004000
[INF] IPv4 flows
$

The end report status variables give an early indication of the content of the pcap at hand and whether errors have been detected.

$ tawk -V ospfStat

The ospfStat column is to be interpreted as follows:

   bit | ospfStat | Description
   =============================================================================
     0 | 0x01     | OSPF detected
     1 | 0x02     | OSPFv2 message had invalid TTL (!= 0)
     2 | 0x04     | OSPFv2 message had invalid destination
     3 | 0x08     | OSPF message had invalid type
     4 | 0x10     | OSPF unknown version
     5 | 0x20     | -
     6 | 0x40     | -
     7 | 0x80     | OSPF message was malformed (snapped, covert channels?, ...)

$

The type bit field tells you about the completeness of your pcap and the origin of the sniffer. If here is something missing you expected, then you should first ask where in the network the traffic was acquired.

$ tawk -V ospfType=0x3e
The ospfType column with value 0x3e is to be interpreted as follows:

   bit | ospfType | Description
   =============================================================================
     1 | 0x02     | OSPF Hello
     2 | 0x04     | OSPF Database Description
     3 | 0x08     | OSPF LS Request
     4 | 0x10     | OSPF LS Update
     5 | 0x20     | OSPF Acknowledge

$

In the results directory you find additional global files:

  • _ospfStats (v2&3 packet statistics for Types and LStype)
  • _ospfHello (v2&3 Hello Messages for Network reversing)
  • _ospfDBD (v2&3 Database Messages for troubleshooting and router info correlation)
  • _ospf[2|3]Msg (v2|3 Besides others, LSupdate msgs necessary for correlation with Hello & DBD)

Have a look into the directory this is how it looks like in the default configuration:

$ ls
ospfV2Multi_flows.txt  ospfV2Multi_headers.txt  ospfV2Multi_ospf2Msg.txt  ospfV2Multi_ospf3Msg.txt  ospfV2Multi_ospfDBD.txt  ospfV2Multi_ospfHello.txt  ospfV2Multi_ospfStats.txt  ospfV2Multi_packets.txt
$

The global status file gives an overview about the occurrence of different ospf versions, packet types and LS types. After some time you have a feeling for normal relative counts in your network. If that is off, then something is about to get wrong. As we have no ospfv3 traffic, the report is empty.

$ cat osptV2MultiArea_ospfStats.txt 
Number of OSPF packets: 206 [100.00%]
Number of OSPFv2 packets: 206 [100.00%]

Number of OSPFv2 multicast packets: 200 [97.09%]
Number of OSPFv2 packets with null authentication: 206 [100.00%]

OSPFv2 Link State Request / Update ratio: 0.000
OSPFv2 Link State Update / Acknowledgment ratio: 2.375

OSPFv3 Link State Request / Update ratio: 0.000
OSPFv3 Link State Update / Acknowledgment ratio: 0.000

# OSPFv2 Type       	             Packets
Hello               	                 179 [ 86.89%]
LSUp                	                  19 [  9.22%]
LSAck               	                   8 [  3.88%]

# OSPFv3 Type       	             Packets

# OSPFv2 LS Type    	               Count
Router_1            	                  21
Network_2           	                   7

# OSPFv3 LS Type    	               Count
$

The flow file contains according to default config a list of important header and content; especially the password is interesting, if present. source routers and neighbors are interesting if you do not want to look into the Hello file.

$ cd ~/results
$ tcol ospfV2Multi_flows.txt 
%dir  flowInd  flowStat            timeFirst          timeLast           duration    numHdrDesc  numHdrs  hdrDesc        srcMac             dstMac             ethType  ethVlanID  srcIP          srcIPCC  srcIPOrg           srcPort  dstIP          dstIPCC  dstIPOrg               dstPort  l4Proto  ospfStat  ospfVersion  ospfType          ospfLSType          ospfAuType  ospfAuPass  ospfArea  ospfSrcRtr     ospfBkupRtr   ospfNeighbors
A     11       0x0400000000004000  1191184701.968615  1191184707.448402  5.479787    1           3        eth:ipv4:ospf  00:11:21:3b:01:f8  00:11:21:3b:07:26  0x0800              192.168.10.6   07       "Private network"  0        192.168.10.5   07       "Private network"      0        89       0x01      2            DBD;LSReq;LSUp    0x0000000000000002  0x0001                  0         192.168.10.10  0.0.0.0       
B     11       0x0400000000004001  1191184701.970131  1191184707.108175  5.138044    1           3        eth:ipv4:ospf  00:11:21:3b:07:26  00:11:21:3b:01:f8  0x0800              192.168.10.5   07       "Private network"  0        192.168.10.6   07       "Private network"      0        89       0x01      2            DBD;LSReq;LSUp    0x0000000000000002  0x0001                  0         192.168.10.5   0.0.0.0       
A     10       0x0400000000004000  1191184701.928314  1191184720.791423  18.863109   1           3        eth:ipv4:ospf  00:11:21:3b:07:26  00:11:21:3a:f4:d2  0x0800              192.168.10.1   07       "Private network"  0        192.168.10.2   07       "Private network"      0        89       0x01      2            DBD;LSReq;LSUp    0x0000000000000006  0x0001                  0         192.168.10.5   0.0.0.0       
B     10       0x0400000000004001  1191184715.443857  1191184720.859486  5.415629    1           3        eth:ipv4:ospf  00:11:21:3a:f4:d2  00:11:21:3b:07:26  0x0800              192.168.10.2   07       "Private network"  0        192.168.10.1   07       "Private network"      0        89       0x01      2            DBD;LSReq;LSUp    0x0000000000000002  0x0001                  0         192.168.10.9   0.0.0.0       
A     12       0x0400000000004000  1191184720.403377  1191184733.300394  12.897017   1           3        eth:ipv4:ospf  00:11:21:3a:f4:d2  00:11:21:3b:01:f8  0x0800              192.168.9.1    07       "Private network"  0        192.168.9.2    07       "Private network"      0        89       0x01      2            DBD               0x0000000000000000  0x0001                  0         192.168.10.9   0.0.0.0       
B     12       0x0400000000004001  1191184733.291209  1191184733.298747  0.007538    1           3        eth:ipv4:ospf  00:11:21:3b:01:f8  00:11:21:3a:f4:d2  0x0800              192.168.9.2    07       "Private network"  0        192.168.9.1    07       "Private network"      0        89       0x01      2            DBD               0x0000000000000000  0x0001                  0         192.168.10.10  0.0.0.0       
A     13       0x0400000000004000  1191184720.479501  1191184733.381503  12.902002   1           3        eth:ipv4:ospf  00:11:21:3a:f4:d2  00:11:21:3b:01:f8  0x0800              192.168.10.9   07       "Private network"  0        192.168.10.10  07       "Private network"      0        89       0x01      2            DBD               0x0000000000000000  0x0001                  0         192.168.10.9   0.0.0.0       
B     13       0x0400000000004001  1191184733.371293  1191184733.379527  0.008234    1           3        eth:ipv4:ospf  00:11:21:3b:01:f8  00:11:21:3a:f4:d2  0x0800              192.168.10.10  07       "Private network"  0        192.168.10.9   07       "Private network"      0        89       0x01      2            DBD               0x0000000000000000  0x0001                  0         192.168.10.10  0.0.0.0       
A     7        0x0400000000004000  1191184693.296123  1191185273.266108  579.969985  1           3        eth:ipv4:ospf  00:11:21:3b:01:f8  01:00:5e:00:00:05  0x0800              192.168.9.2    07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp        0x0000000000000006  0x0001                  0         192.168.10.10  192.168.9.1   192.168.10.9
A     8        0x0400000000004000  1191184693.336610  1191185273.310219  579.973609  1           3        eth:ipv4:ospf  00:11:21:3b:01:f8  01:00:5e:00:00:05  0x0800              192.168.10.6   07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000006  0x0001                  0         192.168.10.10  192.168.10.6  192.168.10.5
A     9        0x0400000000004000  1191184693.375943  1191185273.350306  579.974363  1           3        eth:ipv4:ospf  00:11:21:3b:01:f8  01:00:5e:00:00:05  0x0800              192.168.10.10  07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000006  0x0001                  0         192.168.10.10  192.168.10.9  192.168.10.9
A     4        0x0400000000004000  1191184675.408013  1191185275.379324  599.971311  1           3        eth:ipv4:ospf  00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800              192.168.9.1    07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000006  0x0001                  0         192.168.10.9   192.168.9.1   192.168.10.10
A     5        0x0400000000004000  1191184675.446905  1191185275.419432  599.972527  1           3        eth:ipv4:ospf  00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800              192.168.10.2   07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000006  0x0001                  0         192.168.10.9   192.168.10.1  192.168.10.5
A     6        0x0400000000004000  1191184675.483847  1191185275.455436  599.971589  1           3        eth:ipv4:ospf  00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800              192.168.10.9   07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000002  0x0001                  0         192.168.10.9   192.168.10.9  192.168.10.10
A     1        0x0400000000004000  1191184656.892601  1191185276.860545  619.967944  1           3        eth:ipv4:ospf  00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800              192.168.8.1    07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello             0x0000000000000000  0x0001                  0         192.168.10.5   0.0.0.0       
A     2        0x0400000000004000  1191184656.930801  1191185276.900648  619.969847  1           3        eth:ipv4:ospf  00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800              192.168.10.1   07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000006  0x0001                  0         192.168.10.5   192.168.10.1  192.168.10.9
A     3        0x0400000000004000  1191184656.971069  1191185276.940664  619.969595  1           3        eth:ipv4:ospf  00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800              192.168.10.5   07       "Private network"  0        224.0.0.5      10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp;LSAck  0x0000000000000006  0x0001                  0         192.168.10.5   192.168.10.6  192.168.10.10
...

The packet file also contains information from the header so that one can track the messaging from packet to packet.

$ tcol ospfV2Multi_packets.txt
%pktNo  flowInd  flowStat            time               pktIAT     flowDuration  numHdrs  hdrDesc        ethVlanID  srcMac             dstMac             ethType  srcIP          srcIPCC  srcIPOrg         srcPort  dstIP          dstIPCC  dstIPOrg             dstPort  l4Proto  ospfStat  ospfVersion  ospfAreaID  ospfType  ospfLSType          l7Content
1       1        0x0400000000004000  1191184656.892601  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.8.1    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
2       2        0x0400000000004000  1191184656.930801  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.1   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
3       3        0x0400000000004000  1191184656.971069  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.5   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
4       1        0x0400000000004000  1191184666.889746  9.997145   9.997145      3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.8.1    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
5       2        0x0400000000004000  1191184666.929838  9.999037   9.999037      3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.1   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
6       3        0x0400000000004000  1191184666.969859  9.998790   9.998790      3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.5   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
7       4        0x0400000000004000  1191184675.408013  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800   192.168.9.1    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
8       5        0x0400000000004000  1191184675.446905  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800   192.168.10.2   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
9       6        0x0400000000004000  1191184675.483847  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800   192.168.10.9   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
10      1        0x0400000000004000  1191184676.889265  9.999519   19.996664     3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.8.1    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
11      2        0x0400000000004000  1191184676.929454  9.999616   19.998653     3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.1   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(..........\n\t............
12      3        0x0400000000004000  1191184676.969376  9.999517   19.998306     3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.5   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
13      4        0x0400000000004000  1191184685.404754  9.996741   9.996741      3        eth:ipv4:ospf             00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800   192.168.9.1    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
14      5        0x0400000000004000  1191184685.444969  9.998064   9.998064      3        eth:ipv4:ospf             00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800   192.168.10.2   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(..........\n.............
15      6        0x0400000000004000  1191184685.481082  9.997235   9.997235      3        eth:ipv4:ospf             00:11:21:3a:f4:d2  01:00:5e:00:00:05  0x0800   192.168.10.9   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
16      1        0x0400000000004000  1191184686.888787  9.999522   29.996185     3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.8.1    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
17      2        0x0400000000004000  1191184686.928885  9.999431   29.998083     3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.1   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(..........\n\t............
18      3        0x0400000000004000  1191184686.968900  9.999524   29.997831     3        eth:ipv4:ospf             00:11:21:3b:07:26  01:00:5e:00:00:05  0x0800   192.168.10.5   07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................
19      7        0x0400000000004000  1191184693.296123  0.000000   0.000000      3        eth:ipv4:ospf             00:11:21:3b:01:f8  01:00:5e:00:00:05  0x0800   192.168.9.2    07       Private network           224.0.0.5      10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(....................

Now we go into more detail.

Network info and reversing with global Hello Type files

The special global files contain more information than the flow and packet files, as they can be used to extract architectural and troubleshooting information.

$ tcol osptV2Multi_ospfHello.txt
NumPkts  Ver  AreaID  SrcOSPRtr      SrcIP          Netmask          Network       IntID  RtrPrio  Opt         HelloInt  RtrDInt  DRtr           BkupRtr        NumNeigh  Neighbors
1        2    0       192.168.10.5   192.168.8.1    255.255.255.0    192.168.8.0   -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        0         
2        2    0       192.168.10.5   192.168.10.1   255.255.255.252  192.168.10.0  -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        0         
...
26       2    0       192.168.10.5   192.168.10.1   255.255.255.252  192.168.10.0  -      1        0x00000012  10        40       192.168.10.2   192.168.10.2   1         192.168.10.9
27       2    0       192.168.10.5   192.168.10.5   255.255.255.252  192.168.10.4  -      1        0x00000012  10        40       192.168.10.5   0.0.0.0        1         192.168.10.10
43       2    0       192.168.10.10  192.168.9.2    255.255.255.0    192.168.9.0   -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.9
44       2    0       192.168.10.10  192.168.10.6   255.255.255.252  192.168.10.4  -      1        0x00000012  10        40       192.168.10.5   192.168.10.6   1         192.168.10.5
45       2    0       192.168.10.10  192.168.10.10  255.255.255.252  192.168.10.8  -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.9
48       2    0       192.168.10.9   192.168.9.1    255.255.255.0    192.168.9.0   -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.10
49       2    0       192.168.10.9   192.168.10.2   255.255.255.252  192.168.10.0  -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.5
50       2    0       192.168.10.9   192.168.10.9   255.255.255.252  192.168.10.8  -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.10
51       2    0       192.168.10.5   192.168.8.1    255.255.255.0    192.168.8.0   -      1        0x00000012  10        40       192.168.8.1    0.0.0.0        0         
52       2    0       192.168.10.5   192.168.10.1   255.255.255.252  192.168.10.0  -      1        0x00000012  10        40       192.168.10.2   192.168.10.2   1         192.168.10.9
54       2    0       192.168.10.5   192.168.10.5   255.255.255.252  192.168.10.4  -      1        0x00000012  10        40       192.168.10.5   192.168.10.6   1         192.168.10.10
60       2    0       192.168.10.10  192.168.9.2    255.255.255.0    192.168.9.0   -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.9
61       2    0       192.168.10.10  192.168.10.6   255.255.255.252  192.168.10.4  -      1        0x00000012  10        40       192.168.10.5   192.168.10.6   1         192.168.10.5
62       2    0       192.168.10.10  192.168.10.10  255.255.255.252  192.168.10.8  -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.9
63       2    0       192.168.10.9   192.168.9.1    255.255.255.0    192.168.9.0   -      1        0x00000012  10        40       192.168.9.2    192.168.9.2    1         192.168.10.10
65       2    0       192.168.10.9   192.168.10.2   255.255.255.252  192.168.10.0  -      1        0x00000012  10        40       192.168.10.2   192.168.10.1   1         192.168.10.5
76       2    0       192.168.10.9   192.168.10.9   255.255.255.252  192.168.10.8  -      1        0x00000012  10        40       192.168.10.10  192.168.10.10  1         192.168.10.10
82       2    0       192.168.10.5   192.168.8.1    255.255.255.0    192.168.8.0   -      1        0x00000012  10        40       192.168.8.1    0.0.0.0        0         
83       2    0       192.168.10.5   192.168.10.1   255.255.255.252  192.168.10.0  -      1        0x00000012  10        40       192.168.10.2   192.168.10.1   1         192.168.10.9
84       2    0       192.168.10.5   192.168.10.5   255.255.255.252  192.168.10.4  -      1        0x00000012  10        40       192.168.10.5   192.168.10.6   1         192.168.10.10
94       2    0       192.168.10.10  192.168.9.2    255.255.255.0    192.168.9.0   -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.9
95       2    0       192.168.10.10  192.168.10.6   255.255.255.252  192.168.10.4  -      1        0x00000012  10        40       192.168.10.5   192.168.10.6   1         192.168.10.5
98       2    0       192.168.10.10  192.168.10.10  255.255.255.252  192.168.10.8  -      1        0x00000012  10        40       0.0.0.0        0.0.0.0        1         192.168.10.9
99       2    0       192.168.10.9   192.168.9.1    255.255.255.0    192.168.9.0   -      1        0x00000012  10        40       192.168.9.2    192.168.9.2    1         192.168.10.10
...

Version 2 allows the network reversing by just reading the Hello information. To that effect the Anteater provided scripts for you

$ cd ~/tranalyzer2/scripts
$ ls
dbd  rospf
$

Hello messages can be used to discover the network topology. Using the rospf a network topology summary and graphical layout will be produced:

$ ./rospf -h
Usage:
    rospf [OPTION...] <FILE_ospfHello.txt>

Optional arguments:
    -p, --plot          display a map of the network with dotty/xdot
    -D, --no-dot        do not save the map of the network as a '.dot' file
    -G, --no-png        do not save the map of the network as a '.png' file
    -h, --help          display this help, then exit
$
./rospf -p ~/results/ospfV2Multi_ospfHello.txt 
Name	Area	Network
NET0	0	192.168.8.0/24
NET1	0	192.168.9.0/24
NET2	0	192.168.10.0/30
NET3	0	192.168.10.4/30
NET4	0	192.168.10.8/30

Router	Interface_n	Network_n
R0	192.168.10.10	NET4	192.168.10.6	NET3	192.168.9.2	NET1
R1	192.168.10.5	NET3	192.168.10.1	NET2	192.168.8.1	NET0
R2	192.168.10.9	NET4	192.168.10.2	NET2	192.168.9.1	NET1

Router	Connected Routers
R0	R1	R2
R1	R0	R2
R2	R0	R1
Saved '/home/stefan/results/ospfV2Multi_ospfHello.dot'
Successfully generated '/home/stefan/results/ospfV2Multi_ospfHello.png'
Reversed Network Infrastructure from ospfV2 Hello messages

Over time we will add more details

Network info and reversing with global Database Type files

Apply the dbd script to the resulting *_ospfDBD.txt* file and you have your familiar Cisco output to the command: show ip ospf database

$ ./dbd -h
Usage:
    dbd [OPTION...] <FILE_ospfDBD.txt>

Optional arguments:
    -h          display this help, then exit
$ ./dbd ~/results/ospfV2MultiArea_ospfDBD.txt
$
$ tocol ospfV2MultiArea_ospfDBD.txt
OSPF Router with ID (192.168.10.10)

Router Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
192.168.10.10	192.168.10.10	30	0x80000002	0x2d0b
192.168.10.5	192.168.10.5	18	0x80000003	0x8b47
192.168.10.9	192.168.10.9	18	0x80000002	0x92ae

Net Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
192.168.10.2	192.168.10.9	19	0x80000001	0x094d
192.168.10.5	192.168.10.5	31	0x80000001	0x2135

Summary Net Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
EMPTY


OSPF Router with ID (192.168.10.5)

Router Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
192.168.10.10	192.168.10.10	12	0x80000002	0x2d0b
192.168.10.5	192.168.10.5	12	0x80000002	0xf754

Net Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
192.168.10.5	192.168.10.5	12	0x80000001	0x2135

Summary Net Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
EMPTY


OSPF Router with ID (192.168.10.9)

Router Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
192.168.10.10	192.168.10.10	31	0x80000002	0x2d0b
192.168.10.5	192.168.10.5	17	0x80000003	0x8b47
192.168.10.9	192.168.10.9	17	0x80000002	0x92ae

Net Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
192.168.10.2	192.168.10.9	17	0x80000001	0x094d
192.168.10.5	192.168.10.5	30	0x80000001	0x2135

Summary Net Link States (Area 0)

LSLinkID	ADVRouter	Age	Seq#	Checksum
EMPTY

$

So you do not need to log into your routers anymore :-)

The message file is separated into version 2 and 3 as the format of the headers and the content is different. Below is an excerpt for the message file of our pcap.

$ tcol ospfV2MultiArea_ospf2Msg.txt
NumPkts  Ver  Area  MsgType  LSType     SrcIP          LSLinkID       Netmask_RouterIPs  ADVRouter            LSAOpt   LnkType  Metric  IfaceType  LSFlgs
33       2    0     LSReq    Router_1   192.168.10.6   192.168.10.5                      192.168.10.5                                              
35       2    0     LSReq    Router_1   192.168.10.5   192.168.10.10                     192.168.10.10                                             
36       2    0     LSUp     Router_1   192.168.10.5   192.168.10.4   255.255.255.252    192.168.10.5   0x22  Stub              1       0x00       
36       2    0     LSUp     Router_1   192.168.10.5   192.168.10.0   255.255.255.252    192.168.10.5   0x22  Stub              1       0x00       
36       2    0     LSUp     Router_1   192.168.10.5   192.168.8.0    255.255.255.0      192.168.10.5   0x22  Stub              1       0x00       
38       2    0     LSUp     Router_1   192.168.10.6   192.168.10.8   255.255.255.252    192.168.10.10  0x22  Stub              1       0x00       
38       2    0     LSUp     Router_1   192.168.10.6   192.168.10.4   255.255.255.252    192.168.10.10  0x22  Stub              1       0x00       
38       2    0     LSUp     Router_1   192.168.10.6   192.168.9.0    255.255.255.0      192.168.10.10  0x22  Stub              1       0x00       
40       2    0     LSUp     Router_1   192.168.10.5   192.168.10.5   192.168.10.5       192.168.10.5   0x22  Transit           1       0x00       
40       2    0     LSUp     Router_1   192.168.10.5   192.168.10.0   255.255.255.252    192.168.10.5   0x22  Stub              1       0x00       
40       2    0     LSUp     Router_1   192.168.10.5   192.168.8.0    255.255.255.0      192.168.10.5   0x22  Stub              1       0x00       
41       2    0     LSUp     Router_1   192.168.10.6   192.168.10.8   255.255.255.252    192.168.10.10  0x22  Stub              1       0x00       
41       2    0     LSUp     Router_1   192.168.10.6   192.168.10.5   192.168.10.6       192.168.10.10  0x22  Transit           1       0x00       
41       2    0     LSUp     Router_1   192.168.10.6   192.168.9.0    255.255.255.0      192.168.10.10  0x22  Stub              1       0x00       
42       2    0     LSUp     Network_2  192.168.10.5   192.168.10.5   255.255.255.252    192.168.10.5   0x22                                       192.168.10.5;192.168.10.10
46       2    0     LSAck    Router_1   192.168.10.6   192.168.10.5   192.168.10.5                                                                 
46       2    0     LSAck    Network_2  192.168.10.6   192.168.10.5   192.168.10.5                                                                 
47       2    0     LSAck    Router_1   192.168.10.5   192.168.10.10  192.168.10.10                                                                
55       2    0     LSUp     Router_1   192.168.10.5   192.168.10.5   192.168.10.5       192.168.10.5   0x22  Transit           1       0x00       
55       2    0     LSUp     Router_1   192.168.10.5   192.168.10.0   255.255.255.252    192.168.10.5   0x22  Stub              1       0x00       
55       2    0     LSUp     Router_1   192.168.10.5   192.168.8.0    255.255.255.0      192.168.10.5   0x22  Stub              1       0x00       
56       2    0     LSUp     Router_1   192.168.10.6   192.168.10.8   255.255.255.252    192.168.10.10  0x22  Stub              1       0x00       
56       2    0     LSUp     Router_1   192.168.10.6   192.168.10.5   192.168.10.6       192.168.10.10  0x22  Transit           1       0x00       
56       2    0     LSUp     Router_1   192.168.10.6   192.168.9.0    255.255.255.0      192.168.10.10  0x22  Stub              1       0x00       
57       2    0     LSAck    Router_1   192.168.10.6   192.168.10.5   192.168.10.5                                                                 
58       2    0     LSAck    Router_1   192.168.10.5   192.168.10.10  192.168.10.10                                                                
68       2    0     LSReq    Router_1   192.168.10.2   192.168.10.10                     192.168.10.10                                             
68       2    0     LSReq    Router_1   192.168.10.2   192.168.10.5                      192.168.10.5                                              
68       2    0     LSReq    Network_2  192.168.10.2   192.168.10.5                      192.168.10.5                                              
70       2    0     LSReq    Router_1   192.168.10.1   192.168.10.9                      192.168.10.9                                              
71       2    0     LSUp     Router_1   192.168.10.1   192.168.10.8   255.255.255.252    192.168.10.10  0x22  Stub              1       0x00       
71       2    0     LSUp     Router_1   192.168.10.1   192.168.10.5   192.168.10.6       192.168.10.10  0x22  Transit           1       0x00       
71       2    0     LSUp     Router_1   192.168.10.1   192.168.9.0    255.255.255.0      192.168.10.10  0x22  Stub              1       0x00       
71       2    0     LSUp     Router_1   192.168.10.1   192.168.10.5   192.168.10.5       192.168.10.5   0x22  Transit           1       0x00       
71       2    0     LSUp     Router_1   192.168.10.1   192.168.10.0   255.255.255.252    192.168.10.5   0x22  Stub              1       0x00       
71       2    0     LSUp     Router_1   192.168.10.1   192.168.8.0    255.255.255.0      192.168.10.5   0x22  Stub              1       0x00       
71       2    0     LSUp     Network_2  192.168.10.1   192.168.10.5   255.255.255.252    192.168.10.5   0x22                                       192.168.10.5;192.168.10.10
73       2    0     LSUp     Router_1   192.168.10.2   192.168.10.8   255.255.255.252    192.168.10.9   0x22  Stub              1       0x00       
73       2    0     LSUp     Router_1   192.168.10.2   192.168.10.0   255.255.255.252    192.168.10.9   0x22  Stub              1       0x00       
73       2    0     LSUp     Router_1   192.168.10.2   192.168.9.0    255.255.255.0      192.168.10.9   0x22  Stub              1       0x00       
75       2    0     LSUp     Router_1   192.168.10.5   192.168.10.8   255.255.255.252    192.168.10.9   0x22  Stub              1       0x00       
75       2    0     LSUp     Router_1   192.168.10.5   192.168.10.0   255.255.255.252    192.168.10.9   0x22  Stub              1       0x00       
75       2    0     LSUp     Router_1   192.168.10.5   192.168.9.0    255.255.255.0      192.168.10.9   0x22  Stub              1       0x00       
77       2    0     LSUp     Router_1   192.168.10.2   192.168.10.8   255.255.255.252    192.168.10.9   0x22  Stub              1       0x00       
77       2    0     LSUp     Router_1   192.168.10.2   192.168.10.2   192.168.10.2       192.168.10.9   0x22  Transit           1       0x00       
77       2    0     LSUp     Router_1   192.168.10.2   192.168.9.0    255.255.255.0      192.168.10.9   0x22  Stub              1       0x00       
78       2    0     LSUp     Router_1   192.168.10.5   192.168.10.5   192.168.10.5       192.168.10.5   0x22  Transit           1       0x00       
78       2    0     LSUp     Router_1   192.168.10.5   192.168.10.2   192.168.10.1       192.168.10.5   0x22  Transit           1       0x00       
78       2    0     LSUp     Router_1   192.168.10.5   192.168.8.0    255.255.255.0      192.168.10.5   0x22  Stub              1       0x00       
79       2    0     LSUp     Network_2  192.168.10.2   192.168.10.2   255.255.255.252    192.168.10.9   0x22                                       192.168.10.9;192.168.10.5
80       2    0     LSUp     Router_1   192.168.10.1   192.168.10.5   192.168.10.5       192.168.10.5   0x22  Transit           1       0x00       
80       2    0     LSUp     Router_1   192.168.10.1   192.168.10.2   192.168.10.1       192.168.10.5   0x22  Transit           1       0x00       
80       2    0     LSUp     Router_1   192.168.10.1   192.168.8.0    255.255.255.0      192.168.10.5   0x22  Stub              1       0x00       
81       2    0     LSUp     Network_2  192.168.10.5   192.168.10.2   255.255.255.252    192.168.10.9   0x22                                       192.168.10.9;192.168.10.5
85       2    0     LSAck    Router_1   192.168.10.1   192.168.10.9   192.168.10.9                                                                 
85       2    0     LSAck    Network_2  192.168.10.1   192.168.10.2   192.168.10.9                                                                 
...
140      2    0     LSUp     Network_2  192.168.10.10  192.168.10.10  255.255.255.252    192.168.10.10  0x22                                       192.168.10.10;192.168.10.9
141      2    0     LSUp     Network_2  192.168.10.6   192.168.10.10  255.255.255.252    192.168.10.10  0x22                                       192.168.10.10;192.168.10.9
142      2    0     LSUp     Network_2  192.168.9.2    192.168.10.10  255.255.255.252    192.168.10.10  0x22                                       192.168.10.10;192.168.10.9
143      2    0     LSUp     Network_2  192.168.10.1   192.168.10.10  255.255.255.252    192.168.10.10  0x22                                       192.168.10.10;192.168.10.9
144      2    0     LSUp     Network_2  192.168.9.1    192.168.10.10  255.255.255.252    192.168.10.10  0x22                                       192.168.10.10;192.168.10.9
145      2    0     LSUp     Network_2  192.168.10.2   192.168.10.10  255.255.255.252    192.168.10.10  0x22                                       192.168.10.10;192.168.10.9
149      2    0     LSAck    Network_2  192.168.9.1    192.168.9.2    192.168.10.10                                                                
149      2    0     LSAck    Router_1   192.168.9.1    192.168.10.10  192.168.10.10                                                                
149      2    0     LSAck    Router_1   192.168.9.1    192.168.10.9   192.168.10.9                                                                 
149      2    0     LSAck    Network_2  192.168.9.1    192.168.10.10  192.168.10.10                                                                
150      2    0     LSAck    Router_1   192.168.10.1   192.168.10.9   192.168.10.9                                                                 
150      2    0     LSAck    Network_2  192.168.10.1   192.168.9.2    192.168.10.10                                                                
150      2    0     LSAck    Router_1   192.168.10.1   192.168.10.10  192.168.10.10                                                                
150      2    0     LSAck    Network_2  192.168.10.1   192.168.10.10  192.168.10.10                                                                
151      2    0     LSAck    Network_2  192.168.10.5   192.168.9.2    192.168.10.10                                                                
151      2    0     LSAck    Router_1   192.168.10.5   192.168.10.10  192.168.10.10                                                                
151      2    0     LSAck    Network_2  192.168.10.5   192.168.10.10  192.168.10.10                                                                
152      2    0     LSAck    Router_1   192.168.10.10  192.168.10.9   192.168.10.9                                                                 
153      2    0     LSAck    Network_2  192.168.10.9   192.168.9.2    192.168.10.10                                                                
153      2    0     LSAck    Router_1   192.168.10.9   192.168.10.10  192.168.10.10                                                                
153      2    0     LSAck    Network_2  192.168.10.9   192.168.10.10  192.168.10.10                                                                
154      2    0     LSAck    Router_1   192.168.10.6   192.168.10.9   192.168.10.9 
$

Network OSPFv3 info

In OSPFv3 the format and content changed, hence the HELLO type messages alone do not contain enougth information anymore to produce a concise view of the network.

New message types and LStypes were added. So the present tutorial does not include all the reversing capabilities of the T2 tools for v3, as we are currently testing them in practise. They will be diseminated in later versions.

For the time being lets look at the openfactory pcap containing both versions:

$ t2 -r ~/data/ospfV23_opftry.pcap -w ~/results -s
================================================================================
Tranalyzer 0.8.9 (Anteater), Tarantula. PID: 17050
================================================================================
[INF] Creating flows for L2, IPv4, IPv6
Active plugins:
    01: basicFlow, 0.8.9
    02: ospfDecode, 0.8.9
    03: txtSink, 0.8.9
[INF] IPv4 Ver: 5, Rev: 16122020, Range Mode: 0, subnet ranges loaded: 406027 (406.03 K)
[INF] IPv6 Ver: 5, Rev: 17122020, Range Mode: 0, subnet ranges loaded: 50973 (50.97 K)
Processing file: /home/wurst/data/ospfV23_opftry.pcap
Link layer type: Ethernet [EN10MB/1]
Dump start: 1594638867.585206 sec (Mon 13 Jul 2020 11:14:27 GMT)
Dump stop : 1594638928.037368 sec (Mon 13 Jul 2020 11:15:28 GMT)
Total dump duration: 60.452162 sec (1m)
Finished processing. Elapsed time: 0.007351 sec
Finished unloading flow memory. Time: 0.007540 sec
Percentage completed: 100.00%
Number of processed packets: 62
Number of processed bytes: 22976 (22.98 K)
Number of raw bytes: 22976 (22.98 K)
Number of pcap bytes: 23992 (23.99 K)
Number of IPv4 packets: 20 [32.26%]
Number of IPv6 packets: 42 [67.74%]
Number of A packets: 46 [74.19%]
Number of B packets: 16 [25.81%]
Number of A bytes: 7892 (7.89 K) [34.35%]
Number of B bytes: 15084 (15.08 K) [65.65%]
Average A packet load: 171.57
Average B packet load: 942.75
--------------------------------------------------------------------------------
ospfDecode: Aggregated ospfStat: 0x01
ospfDecode: Aggregated ospfType: v2=0x12, v3=0x3e
ospfDecode: Number of OSPFv2 packets: 20 [32.26%]
ospfDecode: Number of OSPFv3 packets: 42 [67.74%]
--------------------------------------------------------------------------------
Headers count: min: 3, max: 3, average: 3.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number of processed   flows: 6
Number of processed A flows: 5 [83.33%]
Number of processed B flows: 1 [16.67%]
Number of request     flows: 5 [83.33%]
Number of reply       flows: 1 [16.67%]
Total   A/B    flow asymmetry: 0.67
Total req/rply flow asymmetry: 0.67
Number of processed   packets/flows: 10.33
Number of processed A packets/flows: 9.20
Number of processed B packets/flows: 16.00
Number of processed total packets/s: 1.03
Number of processed A+B   packets/s: 1.03
Number of processed A     packets/s: 0.76
Number of processed   B   packets/s: 0.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number of average processed flows/s: 0.10
Average full raw bandwidth: 3041 b/s (3.04 Kb/s)
Average full bandwidth : 3041 b/s (3.04 Kb/s)
Max number of flows in memory: 6 [0.00%]
Memory usage: 0.01 GB [0.02%]
Aggregate flow status: 0x0c0000000000c000
[INF] IPv4 flows
[INF] IPv6 flows

As the endreport states there are indeed both version present:

$ tawk -V ospfType=0x12

The ospfType column with value 0x12 is to be interpreted as follows:

   bit | ospfType | Description
   =============================================================================
     1 | 0x02     | OSPF Hello
     4 | 0x10     | OSPF LS Update

$ tawk -V ospfType=0x3e

The ospfType column with value 0x3e is to be interpreted as follows:

   bit | ospfType | Description
   =============================================================================
     1 | 0x02     | OSPF Hello
     2 | 0x04     | OSPF Database Description
     3 | 0x08     | OSPF LS Request
     4 | 0x10     | OSPF LS Update
     5 | 0x20     | OSPF Acknowledge

The status file looks now a bit larger, as you now see a lot OSPFv3 LS Types. The 9 indicates many area interaction.

$ cat ospfV23_opftry_ospfStats.txt
Number of OSPF packets: 62 [100.00%]
Number of OSPFv2 packets: 20 [32.26%]
Number of OSPFv3 packets: 42 [67.74%]

Number of OSPFv2 multicast packets: 20 [32.26%]
Number of OSPFv2 packets with null authentication: 20 [32.26%]

OSPFv2 Link State Request / Update ratio: 0.000
OSPFv2 Link State Update / Acknowledgment ratio: 0.000

OSPFv3 Link State Request / Update ratio: 0.100
OSPFv3 Link State Update / Acknowledgment ratio: 10.000

# OSPFv2 Type       	             Packets
Hello               	                  14 [ 70.00%]
LSUp                	                   6 [ 30.00%]

# OSPFv3 Type       	             Packets
Hello               	                   8 [ 19.05%]
DBD                 	                  10 [ 23.81%]
LSReq               	                   2 [  4.76%]
LSUp                	                  20 [ 47.62%]
LSAck               	                   2 [  4.76%]

# OSPFv2 LS Type    	               Count
Router_1            	                   4
ASext_5             	                   2

# OSPFv3 LS Type    	               Count
Router_1            	                  93
Network_2           	                  61
AS_EXT_5            	                 277
Link_LSA_8          	                   5
Intra_Area_Pref_9   	                  51
INTR_A_TE_LSA_10    	                  19
$

The flow file contains the same information for version 2 and 3.

$ tcol ospfV23_opftry_flows.txt
%dir  flowInd  flowStat            timeFirst          timeLast           duration   numHdrDesc  numHdrs  hdrDesc        srcMac             dstMac             ethType  ethVlanID  srcIP                      srcIPCC  srcIPOrg            srcPort  dstIP                      dstIPCC  dstIPOrg               dstPort  l4Proto  ospfStat  ospfVersion  ospfType              ospfLSType          ospfAuType  ospfAuPass  ospfArea  ospfSrcRtr     ospfBkupRtr  ospfNeighbors
A     4        0x0800000000008000  1594638886.984511  1594638888.004560  1.020049   1           3        eth:ipv6:ospf  3c:ec:ef:46:69:7d  33:33:00:00:00:05  0x86dd              fe80::3eec:efff:fe46:697d  04       "Link-local"        0        ff02::5                    10       "OSPFIGP Link-local"   0        89       0x01      3            Hello;LSUp            0x0000000000000102  0x0000                  0         80.77.16.70    0.0.0.0      
A     5        0x0800000000008000  1594638887.612071  1594638888.810881  1.198810   1           3        eth:ipv6:ospf  3c:ec:ef:46:69:7d  64:d1:54:e8:cb:6c  0x86dd              fe80::3eec:efff:fe46:697d  04       "Link-local"        0        fe80::66d1:54ff:fee8:cb6c  04       "Link-local"           0        89       0x01      3            DBD;LSReq;LSUp        0x0000000000000002  0x0000                  0         80.77.16.70    0.0.0.0      
B     5        0x0800000000008001  1594638887.751243  1594638925.315292  37.564049  1           3        eth:ipv6:ospf  64:d1:54:e8:cb:6c  3c:ec:ef:46:69:7d  0x86dd              fe80::66d1:54ff:fee8:cb6c  04       "Link-local"        0        fe80::3eec:efff:fe46:697d  04       "Link-local"           0        89       0x01      3            DBD;LSUp;LSReq;LSAck  0x0000000000000626  0x0000                  0         10.250.1.19    0.0.0.0      
A     2        0x0800000000008000  1594638867.585397  1594638927.752841  60.167444  1           3        eth:ipv6:ospf  64:d1:54:e8:cb:6c  33:33:00:00:00:05  0x86dd              fe80::66d1:54ff:fee8:cb6c  04       "Link-local"        0        ff02::5                    10       "OSPFIGP Link-local"   0        89       0x01      3            Hello;LSUp;LSAck      0x0000000000000626  0x0000                  0         10.250.1.19    80.77.16.70  80.77.16.70
A     1        0x0400000000004000  1594638867.585206  1594638927.753236  60.168030  1           3        eth:ipv4:ospf  64:d1:54:e8:cb:6c  01:00:5e:00:00:05  0x0800              5.226.149.25               ch       "Openfactory GmbH"  0        224.0.0.5                  10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp            0x0000000000000022  0x0001                  0         5.226.149.246  0.0.0.0      193.189.82.50
A     3        0x0400000000004000  1594638868.036975  1594638928.037368  60.000393  1           3        eth:ipv4:ospf  3c:ec:ef:46:69:7d  01:00:5e:00:00:05  0x0800              5.226.149.24               ch       "Openfactory GmbH"  0        224.0.0.5                  10       "OSPFIGP All Routers"  0        89       0x01      2            Hello;LSUp            0x0000000000000022  0x0001                  0         193.189.82.50  0.0.0.0      5.226.149.246

Same for the packet file

$ tcol ospfV23_opftry_packets.txt
%pktNo  flowInd  flowStat            time               pktIAT     flowDuration  numHdrs  hdrDesc        ethVlanID  srcMac             dstMac             ethType  srcIP                      srcIPCC  srcIPOrg          srcPort  dstIP                      dstIPCC  dstIPOrg             dstPort  l4Proto  ospfStat  ospfVersion  ospfAreaID  ospfType  ospfLSType          l7Content
1       1        0x0400000000004000  1594638867.585206  0.000000   0.000000      3        eth:ipv4:ospf             64:d1:54:e8:cb:6c  01:00:5e:00:00:05  0x0800   5.226.149.25               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(..........R2
2       2        0x0800000000008000  1594638867.585397  0.000000   0.000000      3        eth:ipv6:ospf             64:d1:54:e8:cb:6c  33:33:00:00:00:05  0x86dd   fe80::66d1:54ff:fee8:cb6c  04       Link-local                 ff02::5                    10       OSPFIGP Link-local            89       0x01      3            0           Hello     0x0000000000000000  .........\n.(\n.......
3       3        0x0400000000004000  1594638868.036975  0.000000   0.000000      3        eth:ipv4:ospf             3c:ec:ef:46:69:7d  01:00:5e:00:00:05  0x0800   5.226.149.24               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(............
4       3        0x0400000000004000  1594638872.400223  4.363248   4.363248      3        eth:ipv4:ospf             3c:ec:ef:46:69:7d  01:00:5e:00:00:05  0x0800   5.226.149.24               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           LSUp      0x0000000000000002  ........>...>.......N......?...1.......\n...g.......\n...........\n...=.......\n...>.......\n.../.......\n...!.......\n...z.......\n...p.......\n...'.......\n...........\n...q.......\n...&.......\n... .......\n...,.......\n...a.......\n...d.......\n...x.......\n...u.......\n...m.......\n...........\n...:.......\n...h.......\n...*.......\n...|.......\n...<.......\n...c.......\n...k.......\n...#.......\n...........\n...-.......\n...s.......\n...e.......\n...{.......\n...y.......\n...n.......\n...i.......\n...l.......\n...0.......\n...o.......\n...%.......\n...}.......\n...t.......\n...6.......\n...8.......\n...;.......\n...v.......\n...2.......\n...`.......\n...5.......\n...7.......\n...4.......\n...(.......\n...$.......\n...3.......\n...9.......\n...f.......\n...........\n...........\n...........\n...........\n...~.......\n...........\n
5       1        0x0400000000004000  1594638872.466526  4.881320   4.881320      3        eth:ipv4:ospf             64:d1:54:e8:cb:6c  01:00:5e:00:00:05  0x0800   5.226.149.25               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           LSUp      0x0000000000000002  ........>...>.......N......?...1.......\n...g.......\n...........\n...=.......\n...>.......\n.../.......\n...!.......\n...z.......\n...p.......\n...'.......\n...........\n...q.......\n...&.......\n... .......\n...,.......\n...a.......\n...d.......\n...x.......\n...u.......\n...m.......\n...........\n...:.......\n...h.......\n...*.......\n...|.......\n...<.......\n...c.......\n...k.......\n...#.......\n...........\n...-.......\n...s.......\n...e.......\n...{.......\n...y.......\n...n.......\n...i.......\n...l.......\n...0.......\n...o.......\n...%.......\n...}.......\n...t.......\n...6.......\n...8.......\n...;.......\n...v.......\n...2.......\n...`.......\n...5.......\n...7.......\n...4.......\n...(.......\n...$.......\n...3.......\n...9.......\n...f.......\n...........\n...........\n...........\n...........\n...~.......\n...........\n
6       1        0x0400000000004000  1594638877.598877  5.132351   10.013671     3        eth:ipv4:ospf             64:d1:54:e8:cb:6c  01:00:5e:00:00:05  0x0800   5.226.149.25               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(..........R2
7       2        0x0800000000008000  1594638877.599246  10.013849  10.013849     3        eth:ipv6:ospf             64:d1:54:e8:cb:6c  33:33:00:00:00:05  0x86dd   fe80::66d1:54ff:fee8:cb6c  04       Link-local                 ff02::5                    10       OSPFIGP Link-local            89       0x01      3            0           Hello     0x0000000000000000  .........\n.(\n.......
8       3        0x0400000000004000  1594638878.036966  5.636743   9.999991      3        eth:ipv4:ospf             3c:ec:ef:46:69:7d  01:00:5e:00:00:05  0x0800   5.226.149.24               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(............
9       4        0x0800000000008000  1594638886.984511  0.000000   0.000000      3        eth:ipv6:ospf             3c:ec:ef:46:69:7d  33:33:00:00:00:05  0x86dd   fe80::3eec:efff:fe46:697d  04       Link-local                 ff02::5                    10       OSPFIGP Link-local            89       0x01      3            0           Hello     0x0000000000000000  .........\n.(........
10      2        0x0800000000008000  1594638887.611127  10.011881  20.025730     3        eth:ipv6:ospf             64:d1:54:e8:cb:6c  33:33:00:00:00:05  0x86dd   fe80::66d1:54ff:fee8:cb6c  04       Link-local                 ff02::5                    10       OSPFIGP Link-local            89       0x01      3            0           Hello     0x0000000000000000  .........\n.(\n.......PM.F
11      1        0x0400000000004000  1594638887.611883  10.013006  20.026676     3        eth:ipv4:ospf             64:d1:54:e8:cb:6c  01:00:5e:00:00:05  0x0800   5.226.149.25               ch       Openfactory GmbH           224.0.0.5                  10       OSPFIGP All Routers           89       0x01      2            0           Hello     0x0000000000000000  .....\n.....(..........R2
12      5        0x0800000000008000  1594638887.612071  0.000000   0.000000      3        eth:ipv6:ospf             3c:ec:ef:46:69:7d  64:d1:54:e8:cb:6c  0x86dd   fe80::3eec:efff:fe46:697d  04       Link-local                 fe80::66d1:54ff:fee8:cb6c  04       Link-local                    89       0x01      3            0           DBD       0x0000000000000000  ...........2
13      5        0x0800000000008001  1594638887.751243  0.000000   0.000000      3        eth:ipv6:ospf             64:d1:54:e8:cb:6c  3c:ec:ef:46:69:7d  0x86dd   fe80::66d1:54ff:fee8:cb6c  04       Link-local                 fe80::3eec:efff:fe46:697d  04       Link-local                    89       0x01      3            0           DBD       0x0000000000000000  ............
14      5        0x0800000000008001  1594638887.751332  0.000089   0.000089      3        eth:ipv6:ospf             64:d1:54:e8:cb:6c  3c:ec:ef:46:69:7d  0x86dd   fe80::66d1:54ff:fee8:cb6c  04       Link-local                 fe80::3eec:efff:fe46:697d  04       Link-local                    89       0x01      3            0           DBD       0x0000000000000000  ...........2.. ...........&l.~.(.. .............n..(.. .............!..H.c ............al..(.; .............M..h.. .............3..(.. ...........L....(.. ...........T..D.H.. ................H.. .............C..(.? ..............Z.(.\t .....\n.....\r..?.(.& .....PM.F.....`.... .....R........*.h.- ........l.......(.. ............q...$.V .............Ka. .. ............o.8. .B ............*.2. .t ............n.p. .j ............eK.. .. ....$.......h... .. .....R.....\r!.J. .Z .....R......e*Y. .Z .....R.......".. .. ....#R......Js..$.Z .....R........>. .- ........l....:0. .:@................$.:@................$.:@.............V..$..@............]...$.Q@................$.@@...........\nq.o.$..@...........\nq.R.$..@...........\nq...$..@....\t......\nq...$..@....\n......\nE.6.$.\t@...........\nIS'.$.~@....f........-f.$..@..............z.$.;@...........\n.:/.$.;@...........\n.B%.$.c@............]...$.c@............]...$.c@............\...$..@............oj.....@............op..,..@................,..@................$..@.............pW.,..@...........\nq<s.$..@.............!:.$..@....\t...........$..@....\n........@..$..@............R...$..@....\r........F..$..@............oK9.$..@............./..$..@............o...$..@............o.\.$..@............o R.$..@............o(H.$..@............o0>.$..@............o...$.Z@............o...$.0@....i.......m,..$..@.............L..$..@..............5.$..@.............N..$..@............n...$
15      5        0x0800000000008000  1594638887.752004  0.139933   0.139933      3        eth:ipv6:ospf             3c:ec:ef:46:69:7d  64:d1:54:e8:cb:6c  0x86dd   fe80::3eec:efff:fe46:697d  04       Link-local                 fe80::66d1:54ff:fee8:cb6c  04       Link-local                    89       0x01      3            0           LSReq     0x0000000000000000  .. ........... ........... ........... ........... ........... ........... ........... ........... ........... ........... ........... .....\n..... .....PM.F.. .....R..... ........l.. ........... ........... ........... ........... ........... ........... ....$...... .....R..... .....R..... .....R..... ....#R..... .....R..... ........l..@...........@...........@...........@...........@...........@...........@...........@...........@....\t......@....\n......@...........@....f......@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@...........@....\t......@....\n......@...........@....\r......@...........@...........@...........@...........@...........@...........@...........@...........@...........@....i......@...........@...........@...........@.........
...

The hello file now has mixed versions. Note that for v3 there are IPv6 addresses and most of the information present in v2 is missing, so we have to look also in the message file.

$ tcol ospfV23_opftry_ospfHello.txt
NumPkts  Ver  AreaID  SrcOSPRtr      SrcIP                      Netmask          Network       IntID  RtrPrio  Opt         HelloInt  RtrDInt  DRtr         BkupRtr      NumNeigh  Neighbors
1        2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
2        3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  0.0.0.0      0         
3        2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246
6        2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
7        3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  0.0.0.0      0         
8        2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246
9        3    0       80.77.16.70    fe80::3eec:efff:fe46:697d  -                -             12     1        0x00000013  10        40       0.0.0.0      0.0.0.0      0         
10       3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  0.0.0.0      1         80.77.16.70
11       2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
25       2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246
45       2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
46       3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  80.77.16.70  1         80.77.16.70
47       2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246
50       3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  80.77.16.70  1         80.77.16.70
51       2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
52       2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246
55       2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
56       3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  80.77.16.70  1         80.77.16.70
57       2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246
60       3    0       10.250.1.19    fe80::66d1:54ff:fee8:cb6c  -                -             176    1        0x00000013  10        40       10.250.1.19  80.77.16.70  1         80.77.16.70
61       2    0       5.226.149.246  5.226.149.25               255.255.255.255  5.226.149.25  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         193.189.82.50
62       2    0       193.189.82.50  5.226.149.24               255.255.255.254  5.226.149.24  -      1        0x00000002  10        40       0.0.0.0      0.0.0.0      1         5.226.149.246

The Database file contains for v3 ID’s instead of real IP addresses, which need to correlated with LSupdate messsages.

$ tcol ospfV23_opftry_ospfDBD.txt
NumPkts  Ver  AreaID  RtrID        LSLinkID   ADVRouter        Dna  Age   Seq#        Checksum  MTU   Flags   LSType             tlvType  tlvValOpt
14       3    0       10.250.1.19  0.0.0.0    5.226.149.1      0    797   0x8000266c  0xc07e    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.2      0    704   0x800013a5  0x6ee1    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.3      0    3     0x8002e0ce  0x2196    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.6      0    1635  0x80000761  0x6c96    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.234    0    827   0x800018eb  0x4d0f    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.249    0    463   0x800017fe  0x33e6    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.250    0    458   0x80014c10  0x15e0    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.251    0    1045  0x800054b9  0xdb44    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.252    0    24    0x8001fcfc  0x88ed    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.253    0    1730  0x800011d8  0x43c9    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    5.226.149.254    0    63    0x80001ad1  0xb85a    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    10.250.1.19      0    777   0x80000de6  0xcb3f    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    80.77.16.70      0    1062  0x80000006  0xd660    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    82.197.176.3     0    203   0x8000eddb  0xeb2a    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.0    192.168.150.108  0    1069  0x800017e1  0x2eb8    1500  0x0200  Router_1                    
14       3    0       10.250.1.19  0.0.0.11   5.226.149.2      0    697   0x80000071  0xc4ec    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.12   5.226.149.3      0    342   0x800010c3  0x4b61    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.17   5.226.149.3      0    787   0x8000006f  0xe638    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.20   5.226.149.3      0    66    0x8000122a  0x0c32    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.4    5.226.149.234    0    372   0x8000006e  0xdd70    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.3    5.226.149.252    0    1642  0x80000065  0x4be8    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.36   5.226.149.252    0    1458  0x80000068  0x1e01    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.2    82.197.176.3     0    202   0x80000d21  0x8e4a    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.25   82.197.176.3     0    1370  0x80001765  0x2a59    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.27   82.197.176.3     0    1370  0x80001bce  0x22ce    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.35   82.197.176.3     0    540   0x8000024a  0x7319    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.165  82.197.176.3     0    1370  0x800007f0  0x133e    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.178  192.168.150.108  0    1069  0x80001694  0x3a30    1500  0x0200  Network_2                   
14       3    0       10.250.1.19  0.0.0.0    5.226.149.2      0    826   0x800011b2  0x9c8c    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.1    5.226.149.2      0    826   0x800011b2  0xa482    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.2    5.226.149.2      0    826   0x800011b2  0x5614    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.4    5.226.149.2      0    723   0x80000e5d  0x1fa8    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.5    5.226.149.2      0    337   0x80000bc1  0x1914    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.6    5.226.149.2      0    1344  0x80000a71  0x826f    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.7    5.226.149.2      0    1270  0x80000a71  0x9c52    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.8    5.226.149.2      0    1207  0x80000a71  0xda0f    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.9    5.226.149.2      0    1181  0x80000a71  0x19cb    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.10   5.226.149.2      0    1233  0x80000a45  0xd336    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.1    5.226.149.3      0    521   0x80000a49  0x5327    1500  0x0200  AS_EXT_5                    
14       3    0       10.250.1.19  0.0.0.102  5.226.149.3      0    1662  0x800017f4  0x2d66    1500  0x0200  AS_EXT_5       

The message file contains now the important LSupdate messages containing all necessary IP information.

$ tcol ospfV23_opftry_ospf3Msg.txt
NumPkts  Ver  Area  srcRtr       MsgType  LSType             SrcIP                      DstIP                      LSAAdvRtr        LSAOpts     LSLinkID   IntID      NeighIntID       RefAdvRtr/AttchRtrs                     type     prefOpts  Metric        RefLSA     RefPrefix                 lnkLclIP/FwdIP                
...
17       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.1      0x02000013  0.0.0.67   0.0.0.11   5.226.149.2      -                                       Transit            1                                                                                
17       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      0x02000013  0.0.0.11   0.0.0.11   5.226.149.2      -                                       Transit            1                                                                                
17       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.3      0x02000133  0.0.0.12   0.0.0.12   5.226.149.3      -                                       Transit            10                                                                               
17       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.3      0x02000133  0.0.0.17   0.0.0.17   5.226.149.3      -                                       Transit            1                                                                                
17       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.3      0x02000133  0.0.0.20   0.0.0.20   5.226.149.3      -                                       Transit            1                                                                                
17       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  192.168.150.108  0x02000013  0.0.0.178  0.0.0.178  192.168.150.108  -                                       Transit            1                                                                                
...
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000013  0.0.0.11   -          -                5.226.149.2;5.226.149.1;5.226.149.252                                                                                                       
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.12   -          -                5.226.149.3;5.226.149.253                                                                                                                   
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.17   -          -                5.226.149.3;5.226.149.234                                                                                                                   
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.20   -          -                5.226.149.3;5.226.149.251                                                                                                                   
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.4    -          -                5.226.149.234;5.226.149.249                                                                                                                 
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000033  0.0.0.3    -          -                5.226.149.252;5.226.149.250                                                                                                                 
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.36   -          -                5.226.149.252;5.226.149.234                                                                                                                 
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.2    -          -                82.197.176.3;5.226.149.234                                                                                                                  
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000013  0.0.0.25   -          -                82.197.176.3;5.226.149.251                                                                                                                  
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000033  0.0.0.27   -          -                82.197.176.3;5.226.149.254                                                                                                                  
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000013  0.0.0.35   -          -                82.197.176.3;10.250.1.19;5.226.149.251                                                                                                      
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000033  0.0.0.165  -          -                82.197.176.3;5.226.149.6                                                                                                                    
17       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  10.250.1.19      0x00000133  0.0.0.178  -          -                192.168.150.108;5.226.149.234                                                                                                               
17       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.0    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:1000:18a::/64   -                          -  
17       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.1    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:1000:18b::/64   -                          -  
17       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.2    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:2010:2800::/64  -                          -  
17       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.4    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:0:150::/64      -                          -  
17       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.5    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:1000:178::/64   -                          -  
18       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.6    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:1000:104::/64   -                          -  
18       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.7    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:1000:106::/64   -                          -  
18       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.2      -           0.0.0.8    -          -                -                                                0x00      0       0x00  Unknown_0  2a00:6340:1000:10a::/64   -                          -  
18       3    0     10.250.1.19  LSUp     AS_EXT_5           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  5.226.149.3      -           0.0.1.231  -          -                -                                                0x04      20      0x00  Unknown_0  2a00:6340:1000:107::/64   -                          -  
...
26       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.5    -          0.0.0.0          5.226.149.3                                      0x00      1             Router_1   2a00:6340:1000:2::/64                                   
26       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.5    -          0.0.0.0          5.226.149.3                                      0x00      1             Router_1   2a00:6340:1000:190::/64                                 
30       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      0x00000013  0.0.0.176  0.0.0.176  10.250.1.19      -                                       Transit            10                                                                               
30       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      0x00000013  0.0.0.16   0.0.0.35   82.197.176.3     -                                       Transit            10                                                                               
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2602:fed2:fff:ffff::/64                                 
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2a00:6340:1000:18f::/64                                 
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2001:7f8:13::/64                                        
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2001:978:2:3::2:0/112                                   
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2a00:6340:0:161::/64                                    
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2a01:20e:1000::/64                                      
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2a00:6340:1000:105::/64                                 
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.0    -          0.0.0.0          10.250.1.19                                      0x00      10            Router_1   2a00:6340:1000:100::/64                                 
30       3    0     10.250.1.19  LSUp     Network_2          fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      0x00000013  0.0.0.176  -          -                10.250.1.19;80.77.16.70                                                                                                                     
30       3    0     10.250.1.19  LSUp     Intra_Area_Pref_9  fe80::66d1:54ff:fee8:cb6c  ff02::5                    10.250.1.19      -           0.0.0.176  -          0.0.0.176        10.250.1.19                                      0x00      0             Network_2  2a00:6340:1000:18e::/64                                 
32       3    0     10.250.1.19  LSAck    Router_1           fe80::66d1:54ff:fee8:cb6c  fe80::3eec:efff:fe46:697d  80.77.16.70      -           0.0.0.0    -          -                -                                                                                                                                           
33       3    0     10.250.1.19  LSAck    Router_1           fe80::66d1:54ff:fee8:cb6c  ff02::5                    80.77.16.70      -           0.0.0.0    -          -                -                                                                                                                                           
33       3    0     10.250.1.19  LSAck    Link_LSA_8         fe80::66d1:54ff:fee8:cb6c  ff02::5                    80.77.16.70      -           0.0.0.12   -          -                -                                                                                                                                           
36       3    0     10.250.1.19  LSUp     INTR_A_TE_LSA_10   fe80::66d1:54ff:fee8:cb6c  ff02::5                    5.226.149.3      -           0;18                                                                                                                                                                               0x00030010;0x2a006340;0x00000168;0x00000000;0x00000000;0x00020080;0x00110008;0x0000000d;0x05e295fc;0x00010001;0x02000000;0x00120020;0x2a006340;0x10000002;0x00000000;0x00000011;0x2a006340;0x10000190;0x00000000;0x00000001;0x00130010;0x00000000;0x00000000;0x00000000;0x00000000;0x00050004;0x00000001;0x00060004;0x4e9502f9;0x00080020;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x00000000;0x05e295fc;0x8001fcfc;0x88ed0048;0x06c32001;
37       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  ff02::5                    5.226.149.253    0x02000013  0.0.0.22   0.0.0.12   5.226.149.3      -                                       Transit            10                                                                               
38       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  ff02::5                    5.226.149.252    0x02000013  0.0.0.35   0.0.0.11   5.226.149.2      -                                       Transit            10                                                                               
38       3    0     10.250.1.19  LSUp     Router_1           fe80::66d1:54ff:fee8:cb6c  ff02::5                    5.226.149.252    0x02000013  0.0.0.13   0.0.0.13   5.226.149.252    -                                       Transit            10                                                                               
...

In future we will extend the present scripts to reverse the network structure for ospfV3.

Experiment by changing the output representation of IDs and types: OSPF_LSID_AS_IP, OSPF_TYP_STR, OSPF_LSTYP_STR If you do, do not forget to reset the configuration for the next tutorials:

$ t2conf ospfDecode -D OSPF_LSID_AS_IP=0 -D OSPF_TYP_STR=0 -D OSPF_LSTYP_STR=0 && t2build ospfDecode
...
$

or use the new command:

$ t2conf --reset ospfDecode && t2build ospfDecode
...
$

Have fun with ospfDecode.