This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Don’t show clear information when I use PPP encapsulation on GNS3

0

Hello everybody

I'm working with GNS3 and PPP encapsulation. I put together a simple example of PPP encapsulation.

This is the design of the network:

[image: network design]

The basic configuration is:

R1

Router(config)#int s0/0
Router(config-if)#ip address 190.0.0.1 255.255.255.0  
Router(config-if)#encapsulation ppp
Router(config-if)#no sh 
Router(config-if)#exit

R2

Router(config)#int s0/0
Router(config-if)#ip address 190.0.0.2 255.255.255.0
Router(config-if)#encapsulation ppp
Router(config-if)#no sh
Router(config-if)#exit

So when I try to capture the information with Wireshark I get the following information.

[image: Wireshark capture screenshot]

These are the specifications of my platform:

Linux socialmedia 3.14-1-amd64 #1 SMP Debian 3.14.4-1 (2014-05-13) x86_64 GNU/Linux

Running the command wireshark -v

wireshark 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)

Compiled (64-bit) with GTK+ 3.12.2, with Cairo 1.12.16, with Pango 1.36.3, with GLib 2.40.0, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without Python, with GnuTLS 3.2.14, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 15 2014 23:28:00), without AirPcap.

Running on Linux 3.14-1-amd64, with locale es_CO.UTF-8, with libpcap version 1.5.3, with libz 1.2.8, GnuTLS 3.2.15, Gcrypt 1.5.3. AMD C-60 APU with Radeon(tm) HD Graphics

Built using gcc 4.8.3.

I can see nothing. Could someone tell me why this happens and how to fix it?

According to this: http://wiki.wireshark.org/CaptureSetup/PPP, it’s possible, but I don’t know how.

asked 08 Jun ‘14, 07:53


cristianchap…
6113
accept rate: 0%

edited 08 Jun ‘14, 18:42


Guy Harris ♦♦
17.4k335196

So what are machines R1 and R2, and is the Linux box on which you ran Wireshark one of those two machines or some third machine plugged into the connection between R1 and R2?

(08 Jun ‘14, 17:58) Guy Harris ♦♦

I don’t understand your question. R1 and R2 are routers, and I use VPCS virtual machines to connect to them. Remember, it is a lab with GNS3. I run GNS3 on a Linux machine.

(08 Jun ‘14, 18:06) cristianchap…

Just to clarify, Guy, GNS3 is virtualization software that allows you to run Cisco/Juniper routers, and even clients/servers (VirtualBox hosts), in one big virtual network sandbox.

Within that environment, GNS3 supports exporting packets between the virtual systems into Wireshark. The problem here is that he’s using GNS3’s default L2 protocol for serial interfaces (HDLC) for generating the packet capture so Wireshark will decode it that way, while he’s manually configured PPP on the routers themselves.

(08 Jun ‘14, 18:25) Quadratic


One Answer:

1

Your problem is that you're using GNS3's default L2 protocol for packet captures (HDLC) instead of specifying PPP. When you right-click to "Start Capture" on an interface in GNS3, click the drop-down and specify PPP specifically.

Wireshark needs to be given a context (what L2 protocol is in use) in order to know how to decode the packets correctly. GNS3 doesn't know what L2 protocol you're going to configure on that router's serial interface, so it defaults to HDLC and gives you the option to specify the L2 encapsulation to use.

answered 08 Jun '14, 18:19


Quadratic
1.9k6928
accept rate: 13%

edited 08 Jun '14, 18:27

How awkward I am, thanks for your answer.

(08 Jun '14, 18:37) cristianchap...

No problem. :)

(08 Jun '14, 20:14) Quadratic
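
The mismatch described in the answer above can be confirmed from the capture file itself. The following is an added example, not part of the original posts: it reads the link-layer type declared in a capture file's header and compares it with what the first bytes of the frames look like. It assumes the capture is saved in classic pcap format (not pcapng); the function names are hypothetical and the framing check is a two-byte heuristic.

```python
import struct

# Link-layer type numbers from the pcap LINKTYPE registry.
LINKTYPES = {1: "Ethernet", 9: "PPP", 50: "PPP (HDLC-like framing)", 104: "Cisco HDLC"}

def read_pcap(data):
    """Parse a classic pcap image; return (linktype, list of frame bytes)."""
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in (0xA1B2C3D4, 0xA1B23C4D):
            break
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    frames, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return linktype, frames

def guess_framing(frame):
    """Guess the serial encapsulation from the first two bytes of a frame."""
    if frame[:2] == b"\xff\x03":              # PPP address/control field
        return "PPP"
    if len(frame) >= 2 and frame[0] in (0x0F, 0x8F) and frame[1] == 0:
        return "Cisco HDLC"                   # unicast/broadcast address, control 0
    return "unknown"

def check_capture(data):
    """Return (declared type, most common observed framing, mismatch flag)."""
    linktype, frames = read_pcap(data)
    declared = LINKTYPES.get(linktype, "linktype %d" % linktype)
    guesses = [guess_framing(f) for f in frames] or ["unknown"]
    seen = max(set(guesses), key=guesses.count)
    return declared, seen, seen != "unknown" and not declared.startswith(seen)

def build_pcap(linktype, frames):
    """Build a small pcap image in memory (used for the constructed sample)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Constructed sample: a PPP LCP Configure-Request in a file declared as Cisco HDLC.
    lcp = bytes.fromhex("ff03c02101010004")
    print(check_capture(build_pcap(104, [lcp])))
```

A mismatch flag of True means the file header tells Wireshark to decode with a different dissector than the one the frames need, which is the situation in the question.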