This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can i see messeges (etc sccrq, scccn,icrq, icrp...) send by l2tp clients in wireshark? l2tp/ipsec connection is established between 2 windows machines (both windows server 2003), in captured i can see ikev1 negotiate, ppp negotiate but i cant see l2tp messeges, i'm using wireshark v1.4.0

asked 24 Nov '10, 15:30

makaraka's gravatar image

makaraka
1113
accept rate: 0%


I would assume these to be inside the IPSec tunnel.

permanent link

answered 25 Nov '10, 02:57

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

so if i trun off ipsec it should be visible in wireshark?

(25 Nov '10, 03:28) makaraka

I would assume so.

(25 Nov '10, 03:51) Jaap ♦

ok i was trying to turn off ipsec on this tunnel and make it only l2tp without ipsec but it didn't work, microsoft help about configuring l2tp tunnel without ipsec is little (they say to add to reg one value and it should work but it doesn't), so here is my next question: is there a possibility to decrypt l2tp/ipsec messeges in wireshark to see l2tp control messeges (ie sccrq etc.) if i know preshared key used by ipsec and how can i do this?

permanent link

answered 29 Nov '10, 04:10

makaraka's gravatar image

makaraka
1113
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×8

question asked: 24 Nov '10, 15:30

question was seen: 4,494 times

last updated: 29 Nov '10, 04:10

p​o​w​e​r​e​d by O​S​Q​A