Ethereal-dev: Re: [ethereal-dev] Packet capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Mark H. Wood" <mwood@xxxxxxxxx>
Date: Tue, 25 Jan 2000 08:31:00 -0500 (EST)
On Mon, 24 Jan 2000, Guy Harris wrote:
> >Does anybody know how to capture a PPP (LCP+NCP negotiations) from a plain
> >dialup connection (in Linux) ?
> >If you try "ethereal -k -S -e ppp0 " you get only the IP layer traffic
> >after the connection was made.
[snip]
> I think it would be possible to patch the PPP driver to do that - it'd
> have to pass incoming LCP and NCP frames to SOCK_PACKET and
> PF_PACKET/SOCK_RAW sockets, rather than just handing them to the PPP
> daemon, and when it receives an LCP or NCP frame from the PPP daemon
> it'd have to pass that to SOCK_PACKET and PF_PACKET/SOCK_RAW sockets,
> and it'd have to *not* arrange to make it impossible for those sockets
> to "back up" the socket buffer pointer to get at the PPP header.

Wouldn't it be easier to turn on "kdebug" in pppd and write a little
script to reformat the appropriate syslog entries for feeding into
ethereal? These mod.s are really, really stretching the meaning of "packet
socket".  For that matter, if you turn on "debug" in pppd you get the raw
frames already interpreted for you, and if you have "kdebug" on as well
you can even compare the bits to the interpretation to see if pppd has got
something wrong.

-- 
Mark H. Wood, Lead System Programmer   mwood@xxxxxxxxx
"Where's the kaboom?  There was supposed to be an Earth-shattering kaboom!"
	 -- Marvin Martian, 01/01/2000 00:00:00
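
Added example (not part of the original message, and not code from pppd or Ethereal): a sketch of the "little script" idea above, turning frame dumps found in syslog into offset-prefixed hex dumps of the kind text2pcap reads. The log line layout, the `sent`/`rcvd` tags and the sample frames are assumptions constructed for this example; adjust `FRAME_RE` to whatever your pppd and kernel actually log.

```python
import re

# Constructed sample lines. The layout (tag, then space-separated hex bytes)
# is an assumption for this example, not pppd's or the kernel's real format.
SAMPLE_LOG = """\
Jan 25 08:30:01 host kernel: ppp0 sent: ff 03 c0 21 01 01 00 0a 05 06 12 34 56 78
Jan 25 08:30:01 host kernel: ppp0 rcvd: ff 03 c0 21 02 01 00 0a 05 06 12 34 56 78
Jan 25 08:30:02 host pppd[412]: some unrelated message
Jan 25 08:30:02 host kernel: ppp0 rcvd: 80 21 01 01 00 0a 03 06 0a 00 00 01
"""

FRAME_RE = re.compile(r"ppp\d+ (sent|rcvd): ((?:[0-9a-fA-F]{2} ?)+)\s*$")
PROTOCOLS = {0xC021: "LCP", 0x8021: "IPCP", 0xC023: "PAP", 0xC223: "CHAP", 0x0021: "IP"}

def parse_frames(log_text):
    """Return (direction, protocol name, frame bytes) for each dumped frame."""
    frames = []
    for line in log_text.splitlines():
        m = FRAME_RE.search(line)
        if not m:
            continue  # not a frame dump
        data = bytes.fromhex(m.group(2))
        # Address/control (ff 03) may be compressed away; skip it if present.
        body = data[2:] if data[:2] == b"\xff\x03" else data
        if len(body) < 2:
            continue  # too short to hold a 2-byte protocol field
        proto = int.from_bytes(body[:2], "big")  # assumes no protocol-field compression
        frames.append((m.group(1), PROTOCOLS.get(proto, hex(proto)), data))
    return frames

def to_hexdump(frames):
    """Render frames as hex dumps; offset 000000 marks the start of each packet."""
    out = []
    for direction, proto, data in frames:
        out.append(f"# {direction} {proto}")  # comment line, ignored by text2pcap
        for off in range(0, len(data), 16):
            row = " ".join(f"{b:02x}" for b in data[off:off + 16])
            out.append(f"{off:06x} {row}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_hexdump(parse_frames(SAMPLE_LOG)), end="")
```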