I am connected via pptp vpn over an ethernet connection to a server. I need to analyze packets to and from the server for a certain application. The application packets on the vpn link are captured as "PPP - Compressed datagram". The payload packets are not uncompressed in the packet listing so I can not see the actual payload. Is there a setting or plugin that will uncompress the payloads so I can see the actual data?
sample packet below:
No. Time Source Destination Protocol Length Info
626 230.787803000 192.168.0.36 97.66.74.115 PPP Comp 204 Compressed data
Frame 626: 204 bytes on wire (1632 bits), 204 bytes captured (1632 bits) on interface 0
Ethernet II, Src: WistronI_a4:c4:4c (f0:de:f1:a4:c4:4c), Dst: SierraWi_ff:f0:af (00:a0:d5:ff:f0:af)
Internet Protocol Version 4, Src: 192.168.0.36 (192.168.0.36), Dst: 97.66.74.115 (97.66.74.115)
Generic Routing Encapsulation (PPP)
Flags and Version: 0x3001
Protocol Type: PPP (0x880b)
Key: 0x009e84fc
Sequence Number: 4783
Point-to-Point Protocol
Protocol: Compressed datagram (0x00fd)
PPP Compressed Datagram
0000 00 a0 d5 ff f0 af f0 de f1 a4 c4 4c 08 00 45 00 ………..L..E.
0010 00 be 22 ad 00 00 80 2f 00 00 c0 a8 00 24 61 42 .."…./…..$aB
0020 4a 73 30 01 88 0b 00 9e 84 fc 00 00 12 af fd f2 Js0………….
0030 9d 09 9b 88 20 d8 45 2d cb 97 ff 98 c6 6f 2f 33 …. .E-…..o/3
0040 6c 1b 2c 19 56 56 06 20 eb d4 2d 9b fb 92 f9 58 l.,.VV. ..-….X
0050 ad 99 dd f4 14 2d 44 0c 2b eb 62 1e 0b 6f 8f 08 …..-D.+.b..o..
0060 d5 fd 1d 8b cc 42 84 d6 28 af 7f 60 f6 67 41 65 …..B..(..`.gAe
0070 7f 61 52 3f be 20 91 ed e6 55 14 9e c3 07 2c 8c .aR?. …U….,.
0080 0c c6 64 74 65 a9 01 70 c9 13 ab dd fd 0e 14 10 ..dte..p……..
0090 f8 a2 22 43 2b 7a a7 df 7d ac 93 5e 3d 69 34 25 .."C+z..}..^=i4%
00a0 f3 ec c5 4e 73 fa 97 47 47 97 cb da d0 3c 90 39 …Ns..GG….<.9
00b0 a8 b4 38 7a 54 46 20 4c c3 d0 cf b6 ab a1 45 31 ..8zTF L……E1
00c0 19 47 e1 28 9f 5e f2 a7 91 ca 4b 52 .G.(.^….KR
asked 14 Feb ‘13, 08:09
jcasler
11●1●1●2
accept rate: 0%
edited 14 Feb ‘13, 13:55
Guy Harris ♦♦
17.4k●3●35●196
