cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
948
Views
4
Helpful
3
Replies
amharsaputra
Beginner

VTP MD5 digest length

Hi,

Here is an image of VTP summary advertisement packet format taken from

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml#vtp_msg

Summary Advert Packet Format.gif

We can see the MD5 digest field is 16 bytes.

Now here is a sample output of "show vtp status"

VTP MD5 digest.jpg

Notice the MD5 digest (highlighted). I know "0x" is just a prefix for hexadecimal numbers. One hexadecimal character equals to 4 bits, two hexadecimal characters equal to 8 bits (1 byte). There is only 16 hexadecimal characters there, so just 8 bytes in total is shown in the output. But the Cisco documentation states the MD5 digest is 16 bytes long. So why is there only 8 bytes shown in MD5 digest in "show vtp status"?

Regards,

Putra

1 ACCEPTED SOLUTION

Accepted Solutions
Arumugam Muthaiah
Cisco Employee

Hi Amhar,

Alain said right option. I would like add some more detail,

  • Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticate the validation of a VTP update.
  • VTP takes the VTP domain name into account when calculating the VTP MD5 hash
  • The MD5 hash of a null (default) password. If you debug, you see like below data,

Log:

03:51:51: VTP LOG RUNTIME: Transmit vtp summary, domain CCIE, rev 11, followers 0, tlv blk size 8 (inc #tlv field),
   MD5 digest calculated = E1 92 86 29 E9 A5 D0 CC 6F 89 32 34 21 A0 C4 6D

Regards,

Aru

*** Please if this post is useful ***

Regards, Aru *** Please rate if the post useful ***

View solution in original post

3 REPLIES 3
cadet alain
Advisor

Hi,

can you put wireshark into action and see how it is encoded in the advertisement ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Arumugam Muthaiah
Cisco Employee

Hi Amhar,

Alain said right option. I would like add some more detail,

  • Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticate the validation of a VTP update.
  • VTP takes the VTP domain name into account when calculating the VTP MD5 hash
  • The MD5 hash of a null (default) password. If you debug, you see like below data,

Log:

03:51:51: VTP LOG RUNTIME: Transmit vtp summary, domain CCIE, rev 11, followers 0, tlv blk size 8 (inc #tlv field),
   MD5 digest calculated = E1 92 86 29 E9 A5 D0 CC 6F 89 32 34 21 A0 C4 6D

Regards,

Aru

*** Please if this post is useful ***

Regards, Aru *** Please rate if the post useful ***

View solution in original post

amharsaputra
Beginner

Hi Alain and Aru,

Thank you for your responses.

I put the Wireshark into action and here is the result:

The switch that I sniffed:

The result of wireshark sniff:

So apparently Cisco only show the first 8 bytes (out of 16 bytes) of MD5 digest from "show vtp status". But the actual length is really 16 bytes as shown in the Wireshark.

Furthermore, I just found out that on newer Catalyst IOS, "show vtp status" will show the whole 16 bytes of MD5 digest. Here is a sample:

Thank you Alain for leading me to use Wireshark.

Thank you Aru for further details and sample debug output.

Regards,

Putra