Proof of concept: BC-MC and MC-BC feasibility using Cisco routers/MLS

IP Multicast, Route 2 Minutes

Continue from the previous post. This post shows the proof of concept done.

Pre-requisite tools: Netcat for Windows , wireshark and two computers.

Commands: debug ip packet detail (this will show the layer 4 information as well) and debug ip mpacket

Netcat is originally a unix utility, it is known as the swiss army knife of security tools. This program is used to generate udp broadcast packets.

Wireshark is a popular software for analyzing the network packets (actually it is a sniffer)

Loopback interfaces cannot be used to do testing, broadcast packet must enter the physical interface for the conversion to work hence two computers are needed. One situated at network 192.168.100.0/24 connected to fa0/0 of R1, the other computer connects to 172.16.0.0/24 network which is connected to fa0/0 of R2.

Refer the network diagram:

Netcat has been classified as a virus by Norton security software, so be sure to instruct Norton to trust the software. The whole netcat package includes source code, if you are good at programming you could modify the C codes.

I will call the pc at 192.168.100.0/24 as BCS stands for broadcast source, and the pc at 172.16.0.0/24 as BCD stands for broadcast destination.

netcat is a command line utility, go to the command prompt and launch netcat by using entering this:

nc -u <destination ip address> <destination port id>

Important: when you enter the nc -u 255.255.255.255 65000 it merely in standby, you need to press enter to send packet, each enter you hit each packet you send. Stop hitting the enter key, no packet will send.

For more option use nc -h.

First test: Broadcast to multicast conversion/translation.

This screenshot shows I sent out 4 udp broadcast packets( by hitting enter 4 times) destined for udp 65000.

This screenshot shows local broadcast 255.255.255.255 is translated to 239.5.5.5 multicast address.

The debug output is as below:

R1#

*Mar  1 02:44:24.242: IP: s=192.168.100.1 (local), d=224.0.0.13 (FastEthernet0/0), len 54, sending broad/multicast, proto=103

*Mar  1 02:44:24.739: IP: s=192.168.100.2 (FastEthernet0/0), d=255.255.255.255, len 29, rcvd 2

*Mar  1 02:44:24.739:     UDP src=52593, dst=65000

*Mar  1 02:44:24.739: IP(0): s=192.168.100.2 (FastEthernet0/0) d=239.5.5.5, ttl=127, prot=17, len=60(29), mroute olist null

*Mar  1 02:44:25.059: IP: s=192.168.100.2 (FastEthernet0/0), d=255.255.255.255, len 29, rcvd 2

*Mar  1 02:44:25.063:     UDP src=52593, dst=65000

*Mar  1 02:44:25.063: IP(0): s=192.168.100.2 (FastEthernet0/0) d=239.5.5.5, ttl=127, prot=17,

R1# len=60(29), mroute olist null

*Mar  1 02:44:25.364: IP: s=192.168.100.2 (FastEthernet0/0), d=255.255.255.255, len 29, rcvd 2

*Mar  1 02:44:25.364:     UDP src=52593, dst=65000

*Mar  1 02:44:25.364: IP(0): s=192.168.100.2 (FastEthernet0/0) d=239.5.5.5, ttl=127, prot=17, len=60(29), mroute olist null

*Mar  1 02:44:25.684: IP: s=192.168.100.2 (FastEthernet0/0), d=255.255.255.255, len 29, rcvd 2

*Mar  1 02:44:25.684:     UDP src=52593, dst=65000

*Mar  1 02:44:25.688: IP(0): s=192.168.100.2 (FastEthernet0/0) d=239.5.5.5, ttl=127, prot=17, len=60(29), mroute olist null

R1#u all

All possible debugging has been turned off.

This screenshot is the debug output of R2, it shows 239.5.5.5 upon arrival at fa0/1 of R2 is converted into directed broadcast address 172.16.0.255. Fa0/1 of R2 knows that this directed broadcast belongs to 172.16.0.0/24 forward to its directly connected interface fa0/0.

Once 172.16.0.255 reached 172.16.0.0/24 network it converted into local broadcast 255.255.255.255 and flood the subnet.

This screenshot shows wireshark of BCD is receiving local broadcast. Look at the source ip address, 192.168.100.2, this is the host ip of BCS.

The debug output of R2 is below:

R2#

*Mar  1 03:35:38.326: IP: s=172.30.100.2 (local), d=224.0.0.13 (FastEthernet0/1), len 54, sending broad/multicast, proto=103

*Mar  1 03:35:38.438: IP: tableid=0, s=192.168.100.2 (FastEthernet0/1), d=172.16.0.255 (FastEthernet0/0), routed via RIB

*Mar  1 03:35:38.438: IP(0): s=192.168.100.2 (FastEthernet0/1) d=239.5.5.5, ttl=126, prot=17, len=60(29), mroute olist null

*Mar  1 03:35:38.714: IP: tableid=0, s=192.168.100.2 (FastEthernet0/1), d=172.16.0.255 (FastEthernet0/0), routed via RIB

*Mar  1 03:35:38.714: IP(0): s=192.168.100.2 (FastEthernet0/1) d=239.5.5.5, ttl=126, prot=17, len=60(29), mroute olist null

R2#

*Mar  1 03:35:39.007: IP: tableid=0, s=192.168.100.2 (FastEthernet0/1), d=172.16.0.255 (FastEthernet0/0), routed via RIB

*Mar  1 03:35:39.007: IP(0): s=192.168.100.2 (FastEthernet0/1) d=239.5.5.5, ttl=126, prot=17, len=60(29), mroute olist null

R2#

*Mar  1 03:35:40.433: IP: s=172.30.100.1 (FastEthernet0/1), d=224.0.0.13, len 54, rcvd 0, proto=103

R2#

*Mar  1 03:35:42.637: IP: s=172.30.100.1 (FastEthernet0/1), d=224.0.0.1, len 28, rcvd 0, proto=2

R2#

*Mar  1 03:35:46.167: IP: tableid=0, s=192.168.100.2 (FastEthernet0/1), d=172.16.0.255 (FastEthernet0/0), routed via RIB

*Mar  1 03:35:46.171: IP(0): s=192.168.100.2 (FastEthernet0/1) d=239.5.5.5, ttl=126, prot=17, len=60(34), mroute olist null

R2#u all

All possible debugging has been turned off

Advertisement

Published by cyruslab

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s