Category Archives: Packets of Interest

Packets of Interest (2015-06-19)

It’s been a while since I’ve done a POI, so here we go.

The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns

Kaspersky Lab found this new variant of the Duqu malware in their own network. They wrote a paper based on their analysis of this new malware. It fascinates me how sophisticated these software packages are and how much effort the threat actors put into them.

Diffie-Hellman Key Exchange

Diffie-Hellman (DH) is the world’s first public-key cryptosystem. It’s used in everything from secure browsing to secure shell. This video visually demonstrates how the Diffie-Hellman key exchange works. The best part is that you don’t need to know anything about crypto to follow along.

Passphrases That You Can Memorize – But That Even the NSA Can’t Guess

Use this informative guide to generate secure, human-memorizable passphrases that are suitable for protecting your private PGP key, your private SSH key, and your master key for your password safe.

Encrypting Your Laptop Like You Mean It

A well-written article about encrypting one’s laptop. It covers what disk encryption does and does not protect against, attacks against disk encryption, and how to encrypt disks in Windows and OS X.

Packets of Interest 2012-06-12 – OSPF Refresher

I was recently brushing up and refreshing my OSPF knowledge and I discovered some great resources that I wanted to document for my future use and also share with others. I found these resources great for explaining/detailing area types, packet types, and neighbor states.

This first document hosted at is one of the best explanations of packet types I’ve ever seen due to the visual aids that the author, Jeremy Stretch, incorporated. This is a must-read.

OSPF areas and the packet types within them

Today’s topic is a source of considerable confusion for many people new to OSPF: area types. Recall that a large OSPF domain is typically broken into separate areas to restrict the propagation of routes and reduce the amount of resources required by each router to maintain its link state database. Each area is connected to a central backbone, area zero.

OSPF relies on several types of Link State Advertisements (LSAs) to communicate link state information between neighbors. A brief review of the most applicable LSA types…

This page on is a basic list of neighbor states. It’s short and to the point.

OSPF Neighbor States

When OSPF adjacency is formed, a router goes through several state changes before it becomes fully adjacent with its neighbor. Those states are defined in the OSPF RFC 2328, section 10.1. The states are Down, Attempt, Init, 2-Way, Exstart, Exchange, Loading, and Full. This document describes each state in detail.

Lastly, this list of OSPF packet types is even shorter and more to the point. It’s perfect for turning into a flip card to memorize these facts for a cert exam.

OSPF type of packets

OSPF uses Hello packets to discover and maintain neighbor relationships. Database Description (DDP) and Link State Request packets are used in the forming of adjacencies. OSPF’s reliable update mechanism is implemented by Link State Update and Link State Ack packets.