How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>

RFC 2338

(VRRP) specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host. This protocol is intended for use with IPv4 routers only. VRRP packets are sent encapsulated in IP packets.

The structure of the VRRP packet is:

0   7 15 23
Version Type Virtual Rtr ID Priority Count IP Addrs
Auth Type Advet Int Checksum
IP Address (1)


IP Address (n)
Authentication Data (1)
Authentication Data (2)

The version field specifies the VRRP protocol version of this packet. This version is version 2. 

The type field specifies the type of this VRRP packet. The only packet type defined in this version of the protocol is: 1 ADVERTISEMENT. 
A packet with an unknown type must be discarded. 

Virtual Rtr ID
The Virtual Router Identifier (VRID) field identifies the virtual router this packet is reporting status for.

Specifies the sending VRRP router's priority for the virtual router. VRRP routers backing up a virtual router MUST use priority values between 1-254 (decimal).

Count IP Addresses
The number of IP addresses contained in this VRRP advertisement.

Auth Type
Identifies the authentication method being utilized.

Authentication Methods

0          No Authentication
1          Simple Text Password
2          IP Authentication Header

Advertisement Interval
Indicates the time interval (in seconds) between advertisements.

Used to detect data corruption in the VRRP message. The checksum is the 16-bit one's complement of the one's complement sum of the entire VRRP message starting with the version field. For computing the checksum, the checksum field is set to zero.

IP Address(es)
One or more IP addresses that are associated with the virtual router. The number of addresses included is specified in the "Count IP Addrs" field. These fields are used for troubleshooting misconfigured routers.

Authentication Data
The authentication string is currently only utilized for simple text authentication, similar to the simple text authentication found in the Open Shortest Path First routing protocol (OSPF). It is up to 8 characters of plain text

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols: