On Nov 17, 2016, at 7:29 AM, Zaphod Beeblebrox wrote:
> Fundamental to my problem is filtering the PPP inside L2TP. Making this
> complex, the L2TP speakers I'm dealing with don't deliver at the same
> offsets.
...and libpcap's filter-to-BPF compiler doesn't have a "check for L2TP and, if
you
Zaphod Beeblebrox wrote:
> Something like "ppp[0:2] == 0x8021" should pull out the IPCP. Or is
> that ppp[2:2] ... but neither works. Some other reading that's hard to
> find would suggest something like "protochain l2tp and ppp proto
> 0x8021" ... but that doesn't work either.
So... I have some malfunctioning L2TP servers. Not your problem. I
would like to get a packet dump of just L2TP control packets + L2TP
packets containing PPP packets of LCP, IPCP, IP6CP and PAP. I would
also (less important) like to filter out LCP echo/reply. This is why
I'm writing to this lis
