EIGRP packet: how is it packaged for network distribution?

Hi Everyone,

Please excuse my ignorance, but I’m doing a Networking Module as part of a master’s course and I’m trying to get some sound advice about how EIGRP is used practically. My total knowledge of networking has been accumulated over the previous 6 weeks, so it’s limited, so no laughing!

I’m trying to understand how the EIGRP packets are distributed between the network nodes. I can understand the various packet types and their jobs; that all makes perfect sense. However, the bit I’m trying to get clarification on is how the packet is physically sent from router A to B.

My understanding is that the EIGRP packet is wrapped in an RTP packet and the RTP packet is wrapped in an IP packet and passed between the OSI layers Layer 3 and Layer 4, or am I completely failing to grasp this?

Thanks in advance
Andy

Hello Andrew

First of all, way to go for getting started with learning networking in the past 6 weeks! That’s quite a feat! We wish you the best in your studies, and if we can help along the way, that will make us happy!

The best thing you can probably do to “see” how these EIGRP messages are exchanged between routers is to use Wireshark to capture some and look at them. If you haven’t used it or if you’re not sure what it is, then take a look at this section of this lesson about the OSI model, and you’ll see that it is extremely useful for what you need.

Getting back to your question, let’s take a look at a Wireshark capture of some EIGRP packets. You can view this in an online environment (which is called Cloudshark) as well, by clicking the following link:
https://www.cloudshark.org/captures/bdcc74327b71
You can see some hello packets, some hello acknowledgment packets, and some update packets. Clicking on the hello packet, I see that we have an IPv4 header, which is encapsulating an EIGRP header.


Taking a look at the update message, we see something similar.

Now going back to what you said, yes, Reliable Transport Protocol (not Real-time Transport Protocol) is actually used to transport these packets. But why don’t we see it in Wireshark? Well, the RTP is actually a “Cisco proprietary protocol” that is used solely for EIGRP, so what we are actually seeing is the RTP header even though Wireshark doesn’t call it that. The section called “Cisco EIGRP” is actually composed of two parts: the RTP header, and the EIGRP payload. Here it is again:


Highlighted are the portions that pertain to RTP. Notice that we have flags, as well as sequence numbers and acknowledgment numbers, something that we often see in transport layer protocols such as TCP.

From these Wireshark/Cloudshark outputs, you can clearly see the Cisco EIGRP layer (RTP/Layer 4) encapsulated in the IPv4 header, which in turn is encapsulated in the Ethernet frame and so on, much as you described. So I think you’ve got it clear in your head. I hope this information helped you to fill in those gaps that may have been missing.

I hope this has been helpful!

Laz
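
As an added example (not part of the original reply and not taken from the linked capture), the following Python parses an IPv4 packet carrying EIGRP and pulls out the fixed 20-byte header with the flags, sequence number and acknowledgment number that the reply attributes to RTP. The field layout is assumed to follow RFC 7868, the function names are hypothetical, and the sample packets are constructed in the code.

```python
import struct

EIGRP_IP_PROTO = 88  # IP protocol number assigned to EIGRP
OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello"}
FLAGS = {0x1: "Init", 0x2: "Conditional Receive", 0x4: "Restart", 0x8: "End-of-Table"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by IPv4 and EIGRP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_eigrp(ip_packet: bytes) -> dict:
    """Parse an IPv4 packet and return the fixed EIGRP header fields."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ip_packet[9] != EIGRP_IP_PROTO:
        raise ValueError("IP protocol is not 88 (EIGRP)")
    eigrp = ip_packet[ihl:]
    if len(eigrp) < 20:
        raise ValueError("truncated EIGRP header")
    ver, opcode, _csum, flags, seq, ack, vrid, asn = struct.unpack("!BBHIIIHH", eigrp[:20])
    return {
        "version": ver,
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "sequence": seq, "ack": ack, "as": asn,
        "checksum_ok": inet_checksum(eigrp) == 0,
        # A Hello with a non-zero ack number and no TLVs acts as the acknowledgment
        "is_ack": opcode == 5 and ack != 0 and len(eigrp) == 20,
    }

def build_sample(opcode: int, flags: int, seq: int, ack: int, asn: int = 100) -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) + EIGRP header, no TLVs."""
    hdr = struct.pack("!BBHIIIHH", 2, opcode, 0, flags, seq, ack, 0, asn)
    hdr = hdr[:2] + struct.pack("!H", inet_checksum(hdr)) + hdr[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(hdr), 0, 0, 2,
                     EIGRP_IP_PROTO, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + hdr

if __name__ == "__main__":
    print(parse_eigrp(build_sample(opcode=1, flags=0x1, seq=7, ack=0)))  # Update with Init
    print(parse_eigrp(build_sample(opcode=5, flags=0, seq=0, ack=7)))    # Ack for seq 7
```

The parser reads the EIGRP header directly after the IPv4 header, so no separate layer sits between them on the wire, and the checksum field lets a receiver or an analyst spot a corrupted or malformed packet.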


Thank you for the response. I was aware of Wireshark but haven’t tried it, but I definitely will. Your explanation is great and has given me the confidence to move forwards.
