Ethereal-users: Re: [Ethereal-users] Snooping on L2TP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 9 Jan 2004 15:03:18 -0800

On Jan 9, 2004, at 10:33 AM, Mathew Kayalackakom wrote:

> Help - I am a newbie to Ethereal and would like to decode L2TP with IPSec packets in an 802.11 header using Ethereal.

Ethereal can capture on 802.11 networks on some OSes (although only with some network cards in some versions of Linux and BSD can it capture management and control frames - you want to handle IP frames, however, so that's not an issue).

Note that, on Windows, the drivers for at least some cards won't show you packets *transmitted* by the machine running Ethereal (or any other WinPcap-based application) if you're capturing in promiscuous mode. I don't know whether they capture traffic between two unrelated machines in promiscuous mode. I also don't know what cards those are.

Ethereal can dissect L2TP and IPsec (in the sense of AH and ESP), but it can't decrypt encrypted IPsec packets.
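
The following is an added example, not part of the original message and not Ethereal's code. It shows which fields of an IPv4 packet can be read without IPsec keys: the L2TP header when it travels in cleartext UDP, versus only the SPI and sequence number once the same traffic is wrapped in ESP. The function names and the sample packets are constructed for illustration.

```python
import struct

IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 17, 50, 51
L2TP_PORT = 1701

def visible_fields(ip_packet: bytes) -> dict:
    """Report what can be read from one IPv4 packet without any IPsec keys."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or len(ip_packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = ip_packet[9], ip_packet[ihl:]
    if proto == IPPROTO_ESP and len(payload) >= 8:
        # ESP: only the SPI and sequence number are in the clear.
        spi, seq = struct.unpack("!II", payload[:8])
        return {"layer": "ESP", "spi": spi, "seq": seq,
                "opaque_bytes": len(payload) - 8}
    if proto == IPPROTO_AH and len(payload) >= 12:
        # AH authenticates but does not encrypt; next_header names the payload.
        next_hdr, _len, _rsvd, spi, seq = struct.unpack("!BBHII", payload[:12])
        return {"layer": "AH", "next_header": next_hdr, "spi": spi, "seq": seq}
    if proto == IPPROTO_UDP and len(payload) >= 10:
        sport, dport = struct.unpack("!HH", payload[:4])
        if L2TP_PORT in (sport, dport):
            # L2TP flags word: T bit (0x8000) marks control, low 4 bits = version.
            (flags,) = struct.unpack("!H", payload[8:10])
            return {"layer": "L2TP", "control": bool(flags & 0x8000),
                    "version": flags & 0x000F}
    return {"layer": "other", "protocol": proto}

def build_ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed header: checksum left at 0, documentation addresses.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + payload

# Constructed samples, not captured traffic.
L2TP_HDR = struct.pack("!HHHHHH", 0xC802, 12, 0, 0, 0, 0)
CLEAR_L2TP = build_ipv4(IPPROTO_UDP,
                        struct.pack("!HHHH", 1701, 1701, 20, 0) + L2TP_HDR)
ESP_PACKET = build_ipv4(IPPROTO_ESP,
                        struct.pack("!II", 0x1000, 1) + bytes(range(32)))
AH_PACKET = build_ipv4(IPPROTO_AH,
                       struct.pack("!BBHII", 17, 4, 0, 0x2000, 7) + bytes(12))

if __name__ == "__main__":
    for pkt in (CLEAR_L2TP, ESP_PACKET, AH_PACKET):
        print(visible_fields(pkt))
```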