Hi all, I have one problem, I cannot capture L2TP packets using Wireshark on a Windows 7 machine. Can you please help me? Kind regards, Christos asked 23 Sep '13, 06:51 ctsalidis
One Answer:
I suspect your mirroring configuration is not working as you expect (instead of the capture laptop dropping the L2TP frames). On which device do you do the mirroring of the traffic? On the LNS? On the router? On a switch in between the LNS and the router? Could you provide details on the mirroring setup and the brand/type of the device on which you do the mirroring? Assuming you are not using a switch between the LNS and the router (as it was not in your drawing), are you able to insert a switch in between the LNS and the router and perform the mirroring on the switch? answered 26 Sep '13, 00:22 SYN-bit ♦♦
There should be no difference between Win7 and any other OS Wireshark runs on with regards to L2TP; it may be a problem with your capture setup or the frames received. Can you elaborate on your problem?
Maybe he tried to capture on the virtual adapter created by the l2tp client on Windows, which would not work due to WinPcap limitations.
Actually what I am doing is the following: I use mirroring to forward all the inbound and outbound packets of the router appliance to a specific port where my computer is connected. Although I can receive a lot of packets, such as BGP, LDP and others, I cannot receive L2TP traffic. It makes sense that these packets somehow are discarded on my Ethernet interface but I do not know why. I have additionally configured jumbo frames for my interface but nothing.
Any idea? I am thinking of installing a Linux OS and giving it a try.
Can you please add more details about the infrastructure?
Does it look like this?
If so, I wonder why you see BGP (on the internal side). If the infrastructure is different, please correct my ASCII art.
The image above does not match your statement. So, what exactly are you mirroring and where?
I mirror the LNS-towards-the-router interface to the port where my laptop is connected.
I cannot see MPLS and L2TP packets. Only IP, TCP, LDP, BGP and maybe some more.
O.K. some questions:
Hi Kurt, to answer your questions.
The above network is a testing network, where we run BGP as well.
The TCP traffic is always full conversations.
I suspect that it should be something on my interface card; can it be the drivers?
Well, I don't think so. Why should the system drop L2TP traffic that is not directed to itself?
Anyway, just to rule that out, please remove the IPV4 binding of the sniffer interface on the PC - don't do that via RDP ;-)
Then capture another session and check the results.
Ok, I will give it a try in the morning and then I will let you know! Anyway, I would like to thank you for your time and effort :)
Any difference?
I didn't have the chance to do the testing today, however I will try to do it tomorrow if I have some free time :D I will let you know as soon as I do it!
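One way to check what the mirror port is actually delivering to the laptop's NIC, as an added example that is not part of the original thread or of Wireshark: a small Python classifier that reads raw Ethernet frames and tags each one as MPLS (EtherType 0x8847), L2TPv2 control or data (UDP port 1701, T bit and version in the first L2TP header word), TCP, or something else. All names here (`classify_frame`, `summarize`, `mirror_delivers_l2tp`, `SAMPLE_FRAMES`) are mine, and the frames are constructed inline for the demonstration rather than captured anywhere. To run it over a real capture you would feed it the frame bytes from a pcap reader (assumption: a library such as scapy or dpkt is available; neither is used here).

```python
import struct
from collections import Counter

# EtherTypes / protocol numbers used by the classifier (IANA-assigned values).
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100
ETHERTYPE_MPLS = 0x8847
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_L2TP = 115      # L2TPv3 carried directly over IP (RFC 3931)
L2TP_UDP_PORT = 1701    # L2TPv2/v3 over UDP


def _l2tp_kind(l2tp: bytes) -> str:
    """Inspect the first L2TP header word: T bit (control/data) and version."""
    if len(l2tp) < 2:
        return "l2tp-truncated"
    flags = struct.unpack("!H", l2tp[:2])[0]
    version = flags & 0x000F
    if version != 2:
        return f"l2tp-v{version}"
    return "l2tp-control" if flags & 0x8000 else "l2tp-data"


def classify_frame(frame: bytes) -> str:
    """Label one raw Ethernet frame: mpls, l2tp-control, l2tp-data, tcp, ..."""
    if len(frame) < 14:
        return "runt"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    # Mirror ports commonly keep 802.1Q tags; skip any number of them.
    while ethertype == ETHERTYPE_VLAN and len(frame) >= offset + 4:
        ethertype = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        offset += 4
    if ethertype == ETHERTYPE_MPLS:
        return "mpls"
    if ethertype != ETHERTYPE_IPV4:
        return "other-ethertype"
    ip = frame[offset:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "bad-ip"
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    if proto == IPPROTO_L2TP:
        return "l2tpv3-over-ip"
    if proto == IPPROTO_TCP:
        return "tcp"
    if proto != IPPROTO_UDP:
        return f"ipproto-{proto}"
    udp = ip[ihl:ihl + 8]
    if len(udp) < 8:
        return "bad-udp"
    sport, dport = struct.unpack("!HH", udp[:4])
    if L2TP_UDP_PORT in (sport, dport):
        return _l2tp_kind(ip[ihl + 8:])
    return "udp-other"


def summarize(frames) -> dict:
    """Count labels over a sequence of frames."""
    return dict(Counter(classify_frame(f) for f in frames))


def mirror_delivers_l2tp(frames) -> bool:
    """True if at least one L2TP frame (any flavour) reached the capture NIC."""
    return any(classify_frame(f).startswith("l2tp") for f in frames)


# --- constructed sample frames (not captured from any real network) -------

def _ipv4(proto: int, payload: bytes) -> bytes:
    # Checksum left as 0: the classifier never validates it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def _udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _ether(ethertype: int, payload: bytes) -> bytes:
    return (bytes.fromhex("001122334455") + bytes.fromhex("6677889900aa")
            + struct.pack("!H", ethertype) + payload)

# L2TPv2 control message: flags 0xC802 (T, L, S set, version 2), then length, tunnel, session, Ns, Nr.
_l2tp_ctrl = b"\xc8\x02" + struct.pack("!HHHHH", 12, 0, 0, 0, 0)
# L2TPv2 data message: flags 0x0002 (version 2), tunnel id, session id, then a PPP header.
_l2tp_data = b"\x00\x02" + struct.pack("!HH", 5, 7) + b"\xff\x03\x00\x21"
# Minimal TCP header from port 179 (BGP) with no payload.
_tcp_bgp = struct.pack("!HHIIBBHHH", 179, 40000, 0, 0, 0x50, 0x18, 1000, 0, 0)

SAMPLE_FRAMES = [
    _ether(ETHERTYPE_IPV4, _ipv4(IPPROTO_UDP, _udp(1701, 1701, _l2tp_ctrl))),
    _ether(ETHERTYPE_IPV4, _ipv4(IPPROTO_UDP, _udp(1701, 1701, _l2tp_data))),
    # Same data message behind an 802.1Q tag (VLAN 100).
    _ether(ETHERTYPE_VLAN, struct.pack("!HH", 100, ETHERTYPE_IPV4)
           + _ipv4(IPPROTO_UDP, _udp(1701, 1701, _l2tp_data))),
    # MPLS frame: one label-stack entry (label 16, S=1, TTL 64) in front of an IP packet.
    _ether(ETHERTYPE_MPLS, bytes([0x00, 0x01, 0x01, 0x40]) + _ipv4(IPPROTO_TCP, _tcp_bgp)),
    _ether(ETHERTYPE_IPV4, _ipv4(IPPROTO_TCP, _tcp_bgp)),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES))
    print("mirror delivers L2TP:", mirror_delivers_l2tp(SAMPLE_FRAMES))
```

If a summary over a real mirror capture shows the TCP and BGP traffic the asker already sees but zero L2TP and zero MPLS entries, the frames never reached the NIC at all, which supports the answer's suspicion that the mirror configuration, not Wireshark or the capture driver, is what needs checking.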