Path: utzoo!attcan!uunet!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!wuarchive!udel!haven!decuac!bacchus.pa.dec.com!mogul
From: mogul@wrl.dec.com (Jeffrey Mogul)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Looking for utility to monitor RIP packets
Message-ID: <1990Nov6.003652.15271@wrl.dec.com>
Date: 6 Nov 90 00:36:52 GMT
References: <775@casbah.acns.nwu.edu>
Sender: news@wrl.dec.com (News)
Organization: DEC Western Research
Lines: 29

In article <775@casbah.acns.nwu.edu> matt@acns.nwu.edu writes:
>I am looking for a UNIX utility that will listen for all the RIP
>packets on a network and display their contents.  I am essentially
>trying to duplicate the output of a cisco router with RIP debugging
>turned on.  The output looks something like:
>
>Received RIP update from xxx.xxx.xxx.xxx:
>  network yyy.yyy.yyy.yyy in n hops
>  network zzz.zzz.zzz.zzz in m hops
>  ...

The "tcpdump" program (from the folks at LBL) decodes RIP packets,
among others.  A new version of tcpdump is being tested at the moment;
it now includes support for Ultrix systems and 4.3BSD, as well as the
SunOS support it has always had.  No, I don't know when the latest
version will be available, but you probably shouldn't bother to
write your own.

The output format is a little different, but otherwise you should
get all the information you want.  For example:
16:34:07.612 16.1.16.252.520 > 16.1.31.255.520: rip-resp 25:
    16.183.1.0(8) 16.10.0.1(3) 16.10.16.3(9) 16.10.0.4(3) 16.10.16.4(3)
    16.10.16.5(5) 16.10.16.6(4) 16.10.16.8(3) 16.4.16.12(5) 16.10.16.13(4)
    16.10.16.14(8) 16.10.16.16(3) 16.10.16.17(8) 16.10.16.18(8)
    16.10.16.20(3) 16.4.16.22(5) 16.4.16.23(5) 16.10.16.23(4)
    16.10.16.24(5) 16.10.16.25(5) 16.10.16.26(5) 16.36.192.0(7)
    16.68.192.0(7) 16.26.192.0(7) 16.153.192.0(7)

-Jeff