Capture RIP v1 Updates in GNS3 Using Wireshark

What is RIP v1?

• A distance-vector routing protocol

• One of the oldest routing protocols

• Uses hop count as its routing metric

• Designed for small, simple networks

Metric & Limits

• Metric used: Hop Count

• Maximum hop count = 15

• 16 hops = unreachable (infinity)

• Not suitable for large networks because of this limit

Routing Updates

• Sends full routing table updates

• Update interval: every 30 seconds

• Uses broadcast (255.255.255.255)

• Can cause high bandwidth usage

Addressing & Classfulness

• Classful routing protocol

• Does NOT support VLSM (Variable Length Subnet Mask)

• Does NOT include subnet mask in updates

• Assumes default class A, B, or C networks

Security

• No authentication

• Routing updates are not encrypted

• Vulnerable to routing attacks or misconfigurations

Performance

• Slow convergence

• Network changes take time to propagate

• Not ideal for networks with frequent topology changes

Administrative Details

• Administrative Distance (AD): 120

• Uses UDP port 520

Advantages

• Very easy to configure

• Simple to understand

• Low CPU and memory usage

Disadvantages

• No VLSM support

• No authentication

• Slow convergence

• Limited scalability

• High broadcast traffic

RIP v1 vs RIP v2 (Quick Tip)

• RIP v1 → Classful, insecure

• RIP v2 → Classless, supports VLSM & authentication

Lab Objective

• Configure RIP version 1 on two Cisco routers (R1 and R2)

• Enable RIP to advertise connected networks over a serial link

• PCs (VPCS) obtain static IPs on LAN segments

• Verify RIP route exchange and convergence

• Capture and analyze RIPv1 broadcast updates using Wireshark

Network Topology

STEP 1: Configure IP Addresses on PCs (VPCS)

PC1 console:

PC2 console:

Verify:

Cross-ping (PC1 → PC2) will fail until RIP is configured.

STEP 2: Configure R1 Interfaces & RIP

STEP 3: Configure R2 Interfaces & RIP

Test end-to-end:

STEP 5: Capture RIP Traffic with Wireshark

• In GNS3, right-click the serial link between R1 and R2 → Start capture

• Wireshark opens → start capturing

• Wait 30–60 seconds (RIP sends updates every 30s)

• Apply display filter:

or

• Observe RIP Response packets (matches your screenshot):

  • Command: Response (2)

  • Version: RIP version 1

  • Source: 10.0.0.1 or 10.0.0.2

  • Destination: 255.255.255.255 (broadcast)

  • UDP src/dst port: 520

  • Advertised routes: e.g. 192.168.2.0 Metric: 1

• Example packet detail:

💖 Support Our Work

If you find this post helpful and would like to support my work, you can send a donation via TRC-20 (USDT). Your contributions help us keep creating and sharing more valuable content.

Thank you for your generosity! 🙏

Keywords

RIP, RIPv1, Routing Information Protocol, GNS3, Wireshark, RIP updates, broadcast, version 1, classful routing, hop count, network command, router rip, UDP 520, response packet, metric 1, serial link, VPCS, dynamic routing, route table, convergence, nerd cafe , نرد کافه

Channel Overview

🌐 Website: www.nerd-cafe.ir

📺 YouTube: @nerd-cafe

🎥 Aparat: nerd_cafe

📌 Pinterest: nerd_cafe

📱 Telegram: @nerd_cafe

📝 Blog: Nerd Café on Virgool

💻 GitHub: nerd-cafe