Wireshark · Ethereal-dev: Re: [ethereal-dev] Packet capture

Ethereal-dev: Re: [ethereal-dev] Packet capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>

Date: Mon, 24 Jan 2000 13:40:09 -0800

>Does anybody know how to capture a PPP (LCP+NCP negociations) from a plain
>dialup connection (in Linux) ?
>If you try "ethereal -k -S -e ppp0 " you get only the IP layer traffic
>after the connection was made.

Unfortunately, that's the way PPP works with SOCK_PACKET (and
PF_PACKET/SOCK_RAW) in Linux - at least for async PPP, there appears to
be no way (other than patching the kernel *and* modifying libpcap to
know about that patch) to get anything other than the IP layer for a PPP
connection.

I think it would be possible to patch the PPP driver to do that - it'd
have to pass incoming LCP and NCP frames to SOCK_PACKET and
PF_PACKET/SOCK_RAW sockets, rather than just handing them to the PPP
daemon, and when it receives an LCP or NCP frame from the PPP daemon
it'd have to pass that to SOCK_PACKET and PF_PACKET/SOCK_RAW sockets,
and it'd have to *not* arrange to make it impossible for those sockets
to "back up" the socket buffer pointer to get at the PPP header.

Follow-Ups:
- Re: [ethereal-dev] Packet capture
  - From: Mark H. Wood

References:
- [ethereal-dev] Packet capture
  - From: Paul Ionescu

Prev by Date: [ethereal-dev] Packet capture
Next by Date: RE: [ethereal-dev] Plugin for Cisco ISL
Previous by thread: [ethereal-dev] Packet capture
Next by thread: Re: [ethereal-dev] Packet capture
Index(es):
- Date
- Thread