Wireshark · Wireshark-users: Re: [Wireshark-users] How to decode nested l2tp traffic?

Wireshark-users: Re: [Wireshark-users] How to decode nested l2tp traffic?

From: Patrick Klos <patrick@xxxxxxxx>

Date: Thu, 22 May 2014 14:13:04 -0400

Joan wrote:

I am trying to extract the data transmitted into a l2tp tunnel, I amrunning thsark/tcpdump in the tunnel terminator. What I am using sofar is this (4291 is the tunnel number):tcpdump -n -i eth3.800 "udp port 1701 && udp[8:2] & 0x80ff == 0x0002&& udp[10:2] == 4291"I took the filter line from herehttp://networkingbodges.blogspot.com.es/2012/11/tshark-one-liners.html
The problem is that I would like to inspect the traffic inside thetunnel, but I could'nt find a reference on this.
Any clues?

Can you share a pcap file? I could run it through PacketView (whichde-tunnels L2TP) and see if it helps??


Patrick Klos
Klos Technologies, Inc.

Follow-Ups:
- Re: [Wireshark-users] How to decode nested l2tp traffic?
  - From: Joan

References:
- [Wireshark-users] How to decode nested l2tp traffic?
  - From: Joan

Prev by Date: [Wireshark-users] How to decode nested l2tp traffic?
Next by Date: Re: [Wireshark-users] How to decode nested l2tp traffic?
Previous by thread: [Wireshark-users] How to decode nested l2tp traffic?
Next by thread: Re: [Wireshark-users] How to decode nested l2tp traffic?
Index(es):
- Date
- Thread