Wireshark mailing list archives

Re: How to decode nested l2tp traffic?


From: Joan <aseques () gmail com>
Date: Fri, 23 May 2014 13:03:08 +0200

Basically, what I'd like to have would be a pcap with the unencapsulated
traffic, so I can further inspect the contents; there's PPPoE and others.
Best would be to do it in real time, but offline would suffice for me too.

On 23/05/2014 0.42, "Guy Harris" <guy () alum mit edu> wrote:


On May 22, 2014, at 9:31 AM, Joan <aseques () gmail com> wrote:

I am trying to extract the data transmitted in an L2TP tunnel. I am
running tshark/tcpdump on the tunnel terminator. What I am using so far is
this (4291 is the tunnel number):
  tcpdump -n -i eth3.800 "udp port 1701 && udp[8:2] & 0x80ff == 0x0002 && udp[10:2] == 4291"

I took the filter line from here
http://networkingbodges.blogspot.com.es/2012/11/tshark-one-liners.html

The problem is that I would like to inspect the traffic inside the tunnel

"Inspect" in what sense?  Wireshark *should* be able to dissect the
traffic inside the tunnel; is it not doing so, or do you want to inspect it
with some other tool?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
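
An added example (not from any poster in this thread): Python code that strips the L2TPv2 header from a UDP payload for one tunnel, following the RFC 2661 header layout that the quoted capture filter relies on. It goes beyond the filter by handling the optional Length, Ns/Nr and Offset fields; the function names and the sample packets are constructed for illustration.

```python
import struct

L_BIT, S_BIT, O_BIT = 0x4000, 0x0800, 0x0200   # RFC 2661 header flag bits

def filter_matches(payload: bytes, tunnel_id: int) -> bool:
    """The capture filter's test, on the UDP payload (udp[8:] in tcpdump terms)."""
    if len(payload) < 4:
        return False
    flags, word = struct.unpack_from("!HH", payload, 0)
    return (flags & 0x80FF) == 0x0002 and word == tunnel_id

def l2tp_inner(payload: bytes, tunnel_id: int):
    """Return (session_id, inner_frame) for an L2TPv2 data message in
    tunnel_id, or None for control, other-tunnel or truncated packets."""
    try:
        (flags,) = struct.unpack_from("!H", payload, 0)
        if (flags & 0x80FF) != 0x0002:        # T=0 (data) and version 2
            return None
        off, end = 2, len(payload)
        if flags & L_BIT:                     # optional Length precedes Tunnel ID
            (length,) = struct.unpack_from("!H", payload, off)
            end, off = min(end, length), off + 2
        tid, sid = struct.unpack_from("!HH", payload, off)
        off += 4
        if tid != tunnel_id:
            return None
        if flags & S_BIT:                     # optional Ns and Nr
            off += 4
        if flags & O_BIT:                     # optional Offset Size, then padding
            (pad,) = struct.unpack_from("!H", payload, off)
            off += 2 + pad
    except struct.error:                      # header cut short
        return None
    return (sid, payload[off:end]) if off <= end else None

# Constructed samples: tunnel 4291, session 7, PPP frame carrying protocol 0x0021.
PPP = bytes.fromhex("ff030021") + b"IP"
PLAIN = struct.pack("!HHH", 0x0002, 4291, 7) + PPP
WITH_LEN = struct.pack("!HHHH", 0x4002, 8 + len(PPP), 4291, 7) + PPP
WITH_SEQ = struct.pack("!HHHHH", 0x0802, 4291, 7, 1, 0) + PPP

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("length", WITH_LEN), ("seq", WITH_SEQ)):
        print(name, filter_matches(pkt, 4291), l2tp_inner(pkt, 4291))
```

When the Length bit is set, udp[10:2] holds the Length field rather than the Tunnel ID, so the filter as quoted does not match that packet while the parser still recovers the inner frame.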
