Wireshark mailing list archives
Re: How to decode nested l2tp traffic?
From: Joan <aseques () gmail com>
Date: Thu, 22 May 2014 22:47:40 +0200
Unfortunately there is private data in that stream so I can't share it. Other than the software you mention, is there any other way to unwrap the l2tp traffic?

2014-05-22 20:13 GMT+02:00 Patrick Klos <patrick () klos com>:

> Joan wrote:
>> I am trying to extract the data transmitted into an l2tp tunnel. I am running tshark/tcpdump in the tunnel terminator. What I am using so far is this (4291 is the tunnel number):
>>
>>     tcpdump -n -i eth3.800 "udp port 1701 && udp[8:2] & 0x80ff == 0x0002 && udp[10:2] == 4291"
>>
>> I took the filter line from here: http://networkingbodges.blogspot.com.es/2012/11/tshark-one-liners.html
>>
>> The problem is that I would like to inspect the traffic inside the tunnel, but I couldn't find a reference on this. Any clues?
>
> Can you share a pcap file? I could run it through PacketView (which de-tunnels L2TP) and see if it helps??
>
> Patrick Klos
> Klos Technologies, Inc.
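An added example, not part of the original thread: one way to unwrap captured L2TP data messages offline, assuming L2TPv2 (RFC 2661) carrying PPP with IPv4 inside. The function names and the sample bytes are constructed for illustration. It also shows that `udp[10:2]` in the quoted filter holds the tunnel ID only when the header's L (length) bit is clear.

```python
import ipaddress
import struct

def parse_l2tpv2_data(payload: bytes):
    """Return (tunnel_id, session_id, ppp_frame) for an L2TPv2 data message, else None."""
    (flags,) = struct.unpack_from("!H", payload, 0)
    if flags & 0x8000 or (flags & 0x000F) != 2:  # T bit = control message; Ver must be 2
        return None
    off = 2
    if flags & 0x4000:  # L bit: a Length field sits where the filter expects the tunnel ID
        (length,) = struct.unpack_from("!H", payload, off)
        payload, off = payload[:length], off + 2
    tunnel_id, session_id = struct.unpack_from("!HH", payload, off)
    off += 4
    if flags & 0x0800:  # S bit: Ns and Nr sequence numbers
        off += 4
    if flags & 0x0200:  # O bit: Offset Size, followed by that many pad bytes
        off += 2 + struct.unpack_from("!H", payload, off)[0]
    return tunnel_id, session_id, payload[off:]

def strip_ppp(frame: bytes):
    """Return (ppp_protocol, payload), tolerating address/control and protocol compression."""
    if frame[:2] == b"\xff\x03":  # HDLC-like address/control bytes, optional
        frame = frame[2:]
    if frame[0] & 1:  # compressed one-byte protocol field
        return frame[0], frame[1:]
    return struct.unpack_from("!H", frame)[0], frame[2:]

def inner_ipv4(payload: bytes, want_tunnel: int):
    """Return (src, dst) of the tunnelled IPv4 packet, or None if it does not apply."""
    parsed = parse_l2tpv2_data(payload)
    if parsed is None or parsed[0] != want_tunnel or not parsed[2]:
        return None
    proto, ip = strip_ppp(parsed[2])
    if proto != 0x0021 or len(ip) < 20:  # 0x0021 = IPv4 over PPP
        return None
    return str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))

# Constructed sample data: a 20-byte IPv4 header (192.0.2.1 -> 192.0.2.2) inside PPP.
IP = bytes.fromhex("450000140000000040010000c0000201c0000202")
PPP = b"\xff\x03\x00\x21" + IP
NO_LENGTH = struct.pack("!HHH", 0x0002, 4291, 1) + PPP
WITH_LENGTH = struct.pack("!HHHH", 0x4002, 8 + len(PPP), 4291, 1) + PPP

if __name__ == "__main__":
    for name, pkt in (("no L bit", NO_LENGTH), ("L bit set", WITH_LENGTH)):
        print(name, inner_ipv4(pkt, 4291), "bytes 2-3 as int:", struct.unpack_from("!H", pkt, 2)[0])
```

The input to `inner_ipv4` is the UDP payload of a port 1701 datagram, for example as exported from a capture file.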