How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 3040 http://tools.ietf.org/html/rfc3040

The Web Cache Coordination Protocol (WCCP) has 2 main functions. The first is to allow a router enabled for transparent redirection to discover, verify, and advertise connectivity to one or more web-caches.

Transparent redirection is a technique used to deploy web-caching without the need for reconfiguration of web-clients. It involves the interception and redirection of HTTP traffic to one or more web-caches by a router or switch, transparently to the web-client.

The second function of WCCP is to allow one of the web-caches, the designated web-cache, to dictate how the router distributes redirected traffic across the web-cache farm. It is recommended that the web-cache with the lowest IP address be elected as designated web-cache for a farm.

Each WCCP protocol packet is carried in a UDP packet with a destination port of 2048.

 Packets can be of the following types; HERE_I_AM, I_SEE_YOU, ASSIGN_BUCKETS.

HERE I AM

The format of the Here I am message isL

3 bytes
Type
Protocol Version
Hash revision
Hash Information (1)
 
Hash Information (7)
U

Reserved

Received Id.

Type
WCCP_HERE_I_AM

Protocol Version
This field has a value of 4.

Hash Revision
The value of this field is 0.

Hash Information
A 256-element bit-vector. A set bit indicates that the corresponding bucket in the Redirection Hash Table is assigned to this web-cache.

U
The value of the U flag present in the last WCCP_I_SEE_YOU message received by this cache. Set in first WCCP_HERE_I_AM to indicate that Hash Information is historical.

Received ID
The value of the Received ID present in the last WCCP_I_SEE_YOU received by this web-cache.

I SEE YOU Message

The format of the I SEE YOU message is:

3 bytes
Type
Protocol Version
Change number
Received Id.
Number of WCs
Web-Cache List Entry(0)
 
Web-Cache List Entry (n) v
 

Type
WCCP_I_SEE_YOU

Protocol Version
4

Change Number
Incremented if a Web-Cache List Entry has been added, removed or its hash information has been modified since the last WCCP_I_SEE_YOU sent by the router.

Received ID
Incremented each time the router generates a WCCP_I_SEE_YOU.

Number of WCs
Number of Web-Cache List Entry elements in the packet.

Web Cached List entry
The Web-Cache List Entry describes a Web-Cache by IP Address and lists the redirection hash table entries assigned to it.

WCCP ASSIGN BUCKET

The format of the WCCP ASSIGN BUCKET message is: 

3 bytes
Type
Received ID
Number of Web Caches
Web Cache 0 IP address
 
Web Cache n IP address
Bucket 0 Bucket 1 Bucket 2 bucket 3
 
Bucket 252 Bucket 253 Bucket 254 bucket 255

Type
WCCP_ASSIGN_BUCKET

Received ID
Value of Received ID in last WCCP_I_SEE_YOU received from router.

Number of Web Caches
Number of Web Caches to which redirect traffic can be sent.

Web Cache IP address 0-n
IP Addresses of Web-Caches to which redirect traffic can be sent. The position of a Web-Cache's IP Address in this list is the Web-Cache's index number. The first entry in the list has an index number of zero.

Buckets 0-255
These 256 buckets represent the redirection hash table. The value of each bucket may be 0xFF (Unassigned) or a Web-Cache index number (0-31).

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT