How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>

RFC 1058
RFC 1528
RFC 1723
RFC 2453

RIP2 (Routing Information Protocol) is used by Berkeley 4BSD UNIX systems to exchange routing information. Implemented by a UNIX program, RIP2 derives from an earlier protocol of the same name developed by Xerox.

RIP2 is an extension of the Routing Information Protocol (RIP) intended to expand the amount of useful information carried in the RIP2 messages and to add a measure of security.

RIP2 is a UDP-based protocol. Each host that uses RIP2 has a routing process that sends and receives datagrams on UDP port number 520. The packet format of RIP2 is shown in the illustration below.

32 bits



Address family identifier

Route tag (only for RIP2; 0 for RIP)

IP address

Subnet mask (only for RIP2; 0 for RIP)

Next hop (only for RIP2; 0 for RIP)


RIP2 packet structure

The portion of the datagram from Address Family Identifier through Metric may appear up to 25 times.

The command field is used to specify the purpose of this datagram:

1. Request: A request for the responding system to send all or part of its routing table.
2. Response: A message containing all or part of the senderís routing table. This message may be sent in response to a request or poll, or it may be an update message generated by the sender.
3. Traceon: Obsolete. Messages containing this command are to be ignored.
4. Traceoff: Obsolete. Messages containing this command are to be ignored.
5. Reserved: Used by Sun Microsystems for its own purposes.

The RIP version number. Datagrams are processed according to version number, as follows:

0 Datagrams whose version number is zero are to be ignored.
1 Datagrams whose version number is one are processed. All fields that are to be 0, are to be checked. If any such field contains a non-zero value, the entire message is ignored.
2 Specifies RIP messages which use authentication or carry information in any of the newly defined fields.
>2 Datagrams whose version numbers are greater than 1 are processed. All fields that are 0 are ignored.

Address family identifier
Indicates what type of address is specified in this particular entry. This is used because RIP2 may carry routing information for several different protocols. The address family identifier for IP is 2.

When authentication is in use, the Address Family Identifier field will be set to 0xFFFF, the Route Tag field contains the authentication type and the remainder of the message contains the password.

Route tag
Attribute assigned to a route which must be preserved and readvertised with a route. The route tag provides a method of separating internal RIP routes (routes for networks within the RIP routing domain) from external RIP routes, which may have been imported from an EGP or another IGP.

IP address
The IP address of the destination.

Subnet mask
Value applied to the IP address to yield the non-host portion of the address. If zero, then no subnet mask has been included for this entry.

Next hop
Immediate next hop IP address to which packets to the destination specified by this route entry should be forwarded.

Represents the total cost of getting a datagram from the host to that destination. This metric is the sum of the costs associated with the networks that would be traversed in getting to the destination

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols: