09-12-2017 10:09 AM - edited 03-05-2019 09:07 AM
Hello,
I am have configured mismatch key-strings between 2 EIGRP neighbor to force that happen authentication fail event. My goal is to see the event in Wireshark.
So is so odd because I dind't see any change in the hello EIGRP packets.
Somebody knows which should be the change?
Best regards,
09-12-2017 10:30 AM
09-12-2017 10:39 AM - edited 09-12-2017 10:39 AM
Hi
Adding to Mark comment, you can also use debug eigrp packets and debug ip eigrp notifications
09-12-2017 12:35 PM
Sure, I knowed it these debug commands. However I want to see the packets through Wireshark. The differents type of EIGRP packets are: Hello, Update, Query, Reply, SIA Query, SIA Reply. In this way the authentication mode is sent through Update or Hello packets... I am not sure. I think that I should to see another field inside the hello or Update packet indicating a authentication issue.
Best regards,
09-12-2017 01:41 PM
Alfredo,
This is strange. If you change the key-string in a key chain, the MD5 sum in the Hello packets must change; in EIGRP, every single packet is cryptographically signed if the authentication is on, and if the key chain changes, the MD5 sum must change, too.
Can you please post the configuration of the router where you tested the authentication, and describe how you changed the key chain to see a change in the Wireshark?
Best regards,
Peter
09-13-2017 09:39 AM
Hello,
I have 2 routers connected directly.
CCIE1#show run router eigrp CCIE ! address-family ipv4 unicast autonomous-system 10 ! af-interface GigabitEthernet1/0/23 authentication mode md5 authentication key-chain CCIE exit-af-interface ! topology base exit-af-topology network 169.20.20.0 0.0.0.3 network 169.20.20.4 0.0.0.3 eigrp router-id 1.1.1.1 exit-address-family key chain CCIE key 1 key-string no //I have changed intentionally the password in order to view failed message in Wireshark
CCIE2#show run key chain CCIE key 1 key-string ccie.2018! router eigrp 10 network 169.20.20.4 0.0.0.3 network 169.20.20.12 0.0.0.3 eigrp router-id 2.2.2.2 eigrp stub connected summary
If instead of change the password I change the RID is possible to view the change in update packets. Can you confirm if the authentication settings should be appear in the TLV field into the Hello packet?
Best regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide