
SANS ISC: The format of BGP messages with routeviews - Internet Security | DShield SANS ISC InfoSec Forums


The format of BGP messages with routeviews
Hello,

I have a question about BGP messages. I downloaded a file, updates.20160701.0000.bz2, from the routeviews website and used a tool to extract the data. I have these lines:

BGP4MP|1378027817|A|202.249.2.86|7500|41.191.103.0/24|7500 2518 2914 1273 36994 37672 37089|IGP|202.249.2.86|0|0||NAG||
BGP4MP|1378027818|W|202.249.2.169|2497|41.216.64.0/19

My question is how do I interpret this? In other words, what is the ASN that announces the prefix?


Thanks in advance.
samara

1 Posts
This may help...

https://labs.ripe.net/Members/yasuhiro_ohara/bgpdump2

~Traven
Traven37

2 Posts
TYPE: BGP4MP/BGP4MP_MESSAGE AFI_IP
MESSAGE ID: 1378027817
BGP PACKET TYPE: ACTIVE (A)
FROM: 202.249.2.86
AS NUMBER: 7500
ANNOUNCED: 41.191.103.0/24
ORIGIN: IGP
AS_PATH: 7500 2518 2914 1273 36994 37672 37089
NEXT_HOP: 202.249.2.86

This is crude, but the best I could come up with in the short amount of time. As always, double check, read the RFCs and do some Google research.

Good luck.
Traven37

2 Posts
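
Added example, not part of the original thread and not code from any poster or from the bgpdump project: a small Python parser for the two lines quoted in the question, assuming they use the pipe-delimited one-line layout of `bgpdump -m`, which the sample matches. The field names and the helpers `parse_line` and `origin_as` are chosen here for illustration; the origin AS is read as the rightmost entry of the AS_PATH.

```python
from datetime import datetime, timezone

# Assumed field order for announcement ("A") lines in the one-line layout;
# withdrawal ("W") lines stop after the prefix.
FIELDS = ("type", "timestamp", "kind", "peer_ip", "peer_as", "prefix",
          "as_path", "origin", "next_hop", "local_pref", "med",
          "community", "atomic_aggregate", "aggregator")


def parse_line(line):
    """Split one pipe-delimited record into a dict of named fields."""
    parts = line.strip().split("|")
    if len(parts) < 6 or parts[2] not in ("A", "W"):
        raise ValueError(f"unrecognised record: {line!r}")
    rec = dict(zip(FIELDS, parts))
    # The second field is a Unix timestamp (seconds since the epoch).
    rec["time_utc"] = datetime.fromtimestamp(int(rec["timestamp"]), tz=timezone.utc)
    rec["peer_as"] = int(rec["peer_as"])   # AS of the peer that sent the update
    rec["path"] = rec.get("as_path", "").split()
    return rec


def origin_as(rec):
    """Return the AS that originated the prefix: the rightmost AS_PATH entry.

    Returns None for withdrawals (they carry no path) and for paths that end
    in an AS_SET such as {64500,64501}, where no single origin can be named.
    """
    if rec["kind"] != "A" or not rec["path"]:
        return None
    last = rec["path"][-1]
    return int(last) if last.isdigit() else None


# The two records quoted in the question above.
SAMPLE = [
    "BGP4MP|1378027817|A|202.249.2.86|7500|41.191.103.0/24|"
    "7500 2518 2914 1273 36994 37672 37089|IGP|202.249.2.86|0|0||NAG||",
    "BGP4MP|1378027818|W|202.249.2.169|2497|41.216.64.0/19",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_line(line)
        print(rec["time_utc"].isoformat(), rec["kind"], rec["prefix"],
              "peer AS", rec["peer_as"], "origin AS", origin_as(rec))
```
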
You might find this project of interest on GitHub:
https://github.com/yasuhiro-ohara-ntt/bgpdump2
Anonymous
