This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

L2TP message capture

0

How can I see the messages (e.g. SCCRQ, SCCCN, ICRQ, ICRP...) sent by L2TP clients in Wireshark? An L2TP/IPsec connection is established between 2 Windows machines (both Windows Server 2003). In the capture I can see the IKEv1 negotiation and the PPP negotiation, but I can't see the L2TP messages. I'm using Wireshark v1.4.0.

asked 24 Nov '10, 15:30

makaraka


2 Answers:

1

I would assume these to be inside the IPSec tunnel.

answered 25 Nov '10, 02:57

Jaap ♦

So if I turn off IPsec it should be visible in Wireshark?

(25 Nov '10, 03:28) makaraka

I would assume so.

(25 Nov '10, 03:51) Jaap ♦

0

OK, I was trying to turn off IPsec on this tunnel and make it L2TP only, without IPsec, but it didn't work. Microsoft's help about configuring an L2TP tunnel without IPsec is limited (they say to add one value to the registry and it should work, but it doesn't). So here is my next question: is it possible to decrypt L2TP/IPsec messages in Wireshark to see the L2TP control messages (i.e. SCCRQ etc.) if I know the preshared key used by IPsec, and how can I do this?

answered 29 Nov '10, 04:10

makaraka