How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 2338 http://tools.ietf.org/html/rfc2338

(VRRP) specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host. This protocol is intended for use with IPv4 routers only. VRRP packets are sent encapsulated in IP packets.

The structure of the VRRP packet is:

0   7 15 23
Version Type Virtual Rtr ID Priority Count IP Addrs
Auth Type Advet Int Checksum
IP Address (1)
 

 

IP Address (n)
Authentication Data (1)
Authentication Data (2)

Version
The version field specifies the VRRP protocol version of this packet. This version is version 2. 

Type
The type field specifies the type of this VRRP packet. The only packet type defined in this version of the protocol is: 1 ADVERTISEMENT. 
A packet with an unknown type must be discarded. 

Virtual Rtr ID
The Virtual Router Identifier (VRID) field identifies the virtual router this packet is reporting status for.

Priority
Specifies the sending VRRP router's priority for the virtual router. VRRP routers backing up a virtual router MUST use priority values between 1-254 (decimal).

Count IP Addresses
The number of IP addresses contained in this VRRP advertisement.

Auth Type
Identifies the authentication method being utilized.

Authentication Methods

0          No Authentication
1          Simple Text Password
2          IP Authentication Header

Advertisement Interval
Indicates the time interval (in seconds) between advertisements.

Checksum
Used to detect data corruption in the VRRP message. The checksum is the 16-bit one's complement of the one's complement sum of the entire VRRP message starting with the version field. For computing the checksum, the checksum field is set to zero.

IP Address(es)
One or more IP addresses that are associated with the virtual router. The number of addresses included is specified in the "Count IP Addrs" field. These fields are used for troubleshooting misconfigured routers.

Authentication Data
The authentication string is currently only utilized for simple text authentication, similar to the simple text authentication found in the Open Shortest Path First routing protocol (OSPF). It is up to 8 characters of plain text

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT