
DENOG8

BGP PCAP Parser

Christoph Dietzel

Network operations increasingly rely on tools and features for in-depth analysis of Internet routing behavior, whether to optimize traffic flows or to dissect DDoS attacks. In particular, IXPs commonly operate software routers such as BIRD or Quagga as BGP route servers. However, the data processing features and tools these routers implement are somewhat limited: BIRD does not support continuous BGP exports, MRT dumps only offer a post-best-path-selection view, and tshark's BGP filtering capabilities are limited, to name just a few. In this talk we present a tcpdump-based BGP parser that overcomes these limitations. The raw packets can be captured with tcpdump at the network interface of any software router and either processed as a live stream or stored and analyzed later. For post-mortem analysis the BGP parser comes with a rich set of filters and export formats to meet the desired level of granularity. The presentation will showcase some compelling examples. Moreover, the tool can be extended as desired, since it is available as an open source project on GitHub.
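As an added illustration of what such a wire-level parser has to do (example code written for this page, not the tool presented in the talk), the snippet below frames a reassembled BGP TCP payload by the fixed header, decodes the IPv4 NLRI, AS_PATH and NEXT_HOP of each UPDATE exactly as received from the peer (i.e. before any route server best-path selection), and applies a prefix filter. It assumes the TCP stream has already been reassembled from the tcpdump capture, IPv4 unicast only, and a session without the AS4 capability (2-byte ASNs); the sample stream is constructed.

```python
import ipaddress
import struct
BGP_MARKER = b"\xff" * 16  # RFC 4271: every message starts with 16 bytes of 0xff, then length and type

def iter_messages(stream):  # split a reassembled BGP TCP payload into (type, body) pairs
    off = 0
    while off + 19 <= len(stream):
        marker, length, mtype = struct.unpack_from("!16sHB", stream, off)
        if marker != BGP_MARKER or length < 19 or off + length > len(stream):
            raise ValueError("malformed BGP header at offset %d" % off)
        yield mtype, stream[off + 19:off + length]
        off += length

def _prefixes(buf):  # IPv4 NLRI: <prefix bit length><prefix truncated to whole octets>
    out, i = [], 0
    while i < len(buf):
        plen, nbytes = buf[i], (buf[i] + 7) // 8
        raw = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append(str(ipaddress.IPv4Network((raw, plen), strict=False)))
        i += 1 + nbytes
    return out

def parse_update(body):  # UPDATE body; assumes 2-byte ASNs (session without AS4 capability)
    wlen = struct.unpack_from("!H", body, 0)[0]
    alen = struct.unpack_from("!H", body, 2 + wlen)[0]
    attrs = body[4 + wlen:4 + wlen + alen]
    res = {"withdrawn": _prefixes(body[2:2 + wlen]), "nlri": _prefixes(body[4 + wlen + alen:]),
           "as_path": [], "next_hop": None}
    i = 0
    while i < len(attrs):  # each attribute: flags, type code, 1- or 2-byte length, value
        flags, code = attrs[i], attrs[i + 1]
        ln, hdr = (struct.unpack_from("!H", attrs, i + 2)[0], 4) if flags & 0x10 else (attrs[i + 2], 3)
        val, i = attrs[i + hdr:i + hdr + ln], i + hdr + ln
        if code == 2:    # AS_PATH: segments of <segment type><ASN count><ASNs>; other attributes are skipped
            j = 0
            while j < len(val):
                count, j = val[j + 1], j + 2
                res["as_path"] += list(struct.unpack_from("!%dH" % count, val, j))
                j += 2 * count
        elif code == 3:  # NEXT_HOP
            res["next_hop"] = str(ipaddress.IPv4Address(val))
    return res

def updates_mentioning(stream, prefix):  # filter: UPDATEs that announce or withdraw the prefix
    ups = (parse_update(b) for t, b in iter_messages(stream) if t == 2)
    return [u for u in ups if prefix in u["nlri"] + u["withdrawn"]]
# Constructed sample stream: KEEPALIVE, then an UPDATE announcing 192.0.2.0/24, AS_PATH 65000 65001, next hop 10.0.0.1
SAMPLE = (BGP_MARKER + b"\x00\x13\x04" + BGP_MARKER + b"\x00\x2f\x02\x00\x00\x00\x14"
          + b"\x40\x01\x01\x00" + b"\x40\x02\x06\x02\x02\xfd\xe8\xfd\xe9"
          + b"\x40\x03\x04\x0a\x00\x00\x01" + b"\x18\xc0\x00\x02")
```

Feeding it a live stream means reassembling the TCP session on port 179 first; a malformed header raises rather than resynchronising, which is the safe choice when the capture is the evidence being analysed.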