RFC 2332 http://tools.ietf.org/html/rfc2332

draft http://info.internet.isi.edu:80/in-drafts/files/draft-ietf-rolc-nhrp-15.txt

The NBMA Next Hop Resolution Protocol (NHRP) allows a source station (a host or router), wishing to communicate over a Non-Broadcast, Multi-Access (NBMA) subnetwork, to determine the internetworking layer addresses and NBMA addresses of suitable NBMA next hops toward a destination station.

The format of the header is shown in the following illustration:

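                8               16              24              32 bits
+---------------+---------------+---------------+---------------+
|            ar$afn             |          ar$pro.type          |
+---------------+---------------+---------------+---------------+
|                          ar$pro.snap                          |
+---------------+---------------+---------------+---------------+
|  ar$pro.snap  |   ar$hopcnt   |           ar$pktsz            |
+---------------+---------------+---------------+---------------+
|           ar$chksum           |           ar$extoff           |
+---------------+---------------+---------------+---------------+
| ar$op.version |  ar$op.type   |    ar$shtl    |    ar$sstl    |
+---------------+---------------+---------------+---------------+
NHRP header structure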

ar$afn
Defines the type of link layer address being carried.

ar$pro.type
This field is a 16-bit unsigned integer.

ar$pro.snap
When ar$pro.type has a value of 0x0080, a SNAP-encoded extension is being used to encode the protocol type. This SNAP extension is placed in the ar$pro.snap field; otherwise this field should be set to 0.

ar$hopcnt
The hop count. This indicates the maximum number of NHSs that an NHRP packet is allowed to traverse before being discarded.

ar$pktsz
The total length of the NHRP packet in octets.

ar$chksum
The standard IP checksum over the entire NHRP packet.

ar$extoff
This field identifies the existence and location of NHRP extensions.

ar$op.version
This field indicates what version of generic address mapping and management protocol is represented by this message.

ar$op.type
If the ar$op.version is 1 then this field represents the NHRP packet type. Possible values for packet types are:

1 NHRP Resolution Request.
2 NHRP Resolution Reply.
3 NHRP Registration Request.
4 NHRP Registration Reply.
5 NHRP Purge Request.
6 NHRP Purge Reply.
7 NHRP Error Indication.

ar$shtl
The type and length of the source NBMA address interpreted in the context of the address family number.

ar$sstl
The type and length of the source NBMA subaddress interpreted in the context of the "address family number".
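
The field layout above is enough to parse and sanity-check the fixed header of a captured NHRP packet before trusting its length, checksum or extension offset. The following Python code is an added example, not part of the original page or of any product it mentions. Field widths and the meaning of a zero ar$extoff are taken from RFC 2332; the function names and the sample packet are constructed for illustration.

```python
import struct

FIXED_LEN = 20  # octets in the fixed header (field widths per RFC 2332)
# ar$op.type values listed on this page, valid when ar$op.version == 1
OP_TYPES = {1: "Resolution Request", 2: "Resolution Reply",
            3: "Registration Request", 4: "Registration Reply",
            5: "Purge Request", 6: "Purge Reply", 7: "Error Indication"}

def ip_checksum(data: bytes) -> int:
    """Standard IP checksum: one's complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_fixed_header(pkt: bytes):
    """Return (fields, issues); issues lists every sanity check that failed."""
    if len(pkt) < FIXED_LEN:
        raise ValueError("shorter than the 20-octet fixed header")
    names = ("afn", "pro_type", "pro_snap", "hopcnt", "pktsz", "chksum",
             "extoff", "op_version", "op_type", "shtl", "sstl")
    f = dict(zip(names, struct.unpack("!HH5sBHHHBBBB", pkt[:FIXED_LEN])))
    issues = []
    if not FIXED_LEN <= f["pktsz"] <= len(pkt):
        issues.append("ar$pktsz outside captured data")
    elif ip_checksum(pkt[:f["pktsz"]]) != 0:  # checksum covers the entire packet
        issues.append("ar$chksum mismatch")
    # RFC 2332: ar$extoff is 0 (no extensions) or an offset counted from ar$afn
    if f["extoff"] and not FIXED_LEN <= f["extoff"] < f["pktsz"]:
        issues.append("ar$extoff points outside packet")
    if f["pro_type"] != 0x0080 and any(f["pro_snap"]):
        issues.append("ar$pro.snap set without ar$pro.type 0x0080")
    if f["op_version"] == 1 and f["op_type"] not in OP_TYPES:
        issues.append("unknown ar$op.type")
    f["op_name"] = OP_TYPES.get(f["op_type"]) if f["op_version"] == 1 else None
    return f, issues

def build_sample(op_type: int = 1) -> bytes:
    """Constructed sample: fixed header only (afn=1, pro.type=0x0800, hopcnt=16)."""
    hdr = struct.pack("!HH5sBHHHBBBB", 1, 0x0800, bytes(5), 16,
                      FIXED_LEN, 0, 0, 1, op_type, 0, 0)
    # ar$chksum sits at octets 12-13; compute it over the header with the field zeroed
    return hdr[:12] + struct.pack("!H", ip_checksum(hdr)) + hdr[14:]
```
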
