Date: Fri, 23 Jul 1999 11:31:35 +0300 From: "Andy V. Oleynik" <andyo@prime.net.ua> To: Divya Mehra <divya@nttmcl.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: bpf and user PPP ( tun0 ) Message-ID: <37982866.A3A18B3D@prime.net.ua> References: <Pine.GSO.3.95LJ1.1b4.990722152324.27027A-100000@alicia.nttmcl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ppp encapsulate different network protocols such as tcp inside its own packets. U cannot trace ppp with tcpdump 'cos tcpdump works with IP module wich is ontop of the link layer which ppp does. Divya Mehra wrote: > Thanks for the value input ! > > I am still not clear about the following : > > Can tcpdump be used to capture ppp control packets ( req,ack etc) > After starting ppp0 and a ping over it, tcdump could dump the ping > packets. But I could not dump the PPP control packets. > > Is there some way to dump the ppp control packets ? > > Thanks, > Divya > > ************************************************************************** > Divyashikha Mehra NTT Multimedia Communications Laboratories > Computer Systems Designer 250 Cambridge Avenue, Suite 205 > 650-833-3655 (Voice) Palo Alto, CA 940040, USA. > mailto : divya@nttmcl.com > *************************************************************************** > > On Thu, 22 Jul 1999, Brian Somers wrote: > > > > > > I invoked the BIOSETIF command before actually reading the the ppp > > > packets. > > > > > > 1) For tun0 i.e user PPP it returns error "Network down". > > > Only after PPP is up can I proceed further ( IPCP phase up). So I could > > > not capture any PPP packets. Is my approach correct ? > > > > As soon as ppp opens the tun device, it brings it UP. If you're > > getting "Network down" this should mean that ppp isn't running on > > that interface. > > > > > BIOGCGDLT returns DLT_NULL . Is that correct ? should it not be > > > returning DLT_PPP ? > > > > Dunno, I've never gone near the bpf device - tcpdump is the height of > > my knowledge in this area. However, DLT_NULL makes a lot of sense as > > bpf has no clue what's got the tun device open. > > > > > 2) For ppp0 what should BIOGDLT be returning ? > > > > I don't know much about the ppp interface - except that the code > > stinks :-I I would *expect* DLT_PPP, but again, bpf doesn't know, so > > I wouldn't be that surprised if it return DLT_NULL too. > > > > Disclaimer: I haven't looked at the if_ppp code to answer this, nor > > do I want to ;^1 > > > > > thanks, > > > Divya > > > > > > > > > ************************************************************************** > > > Divyashikha Mehra NTT Multimedia Communications Laboratories > > > Computer Systems Designer 250 Cambridge Avenue, Suite 205 > > > 650-833-3655 (Voice) Palo Alto, CA 940040, USA. > > > mailto : divya@nttmcl.com > > > *************************************************************************** > > > > > > > > > On Tue, 20 Jul 1999, Brian Somers wrote: > > > > > > > > Hi, > > > > > > > > > > Can anyone tell me if bpf support user ppp packet ( tun 0 device) or it > > > > > can be used only for kernel ppp ( ppp0 device ) ? > > > > > > > > Yes. > > > > > > > > > If it can support user ppp then what value should BIOSETIF be returning > > > > > when bpf is to be used for reading ppp packets? > > > > > > > > >From the bpf man page: > > > > > > > > BIOCSETIF (struct ifreq) Sets the hardware interface associate with > > > > the file. This command must be performed before any pack- > > > > ets can be read. The device is indicated by name using > > > > the ifr_name field of the ifreq structure. Additionally, > > > > performs the actions of BIOCFLUSH. > > > > > > > > > Thanks, > > > > > Divya > > > > > > > > > > ************************************************************************** > > > > > Divyashikha Mehra NTT Multimedia Communications Laboratories > > > > > Computer Systems Designer 250 Cambridge Avenue, Suite 205 > > > > > 650-833-3655 (Voice) Palo Alto, CA 940040, USA. > > > > > mailto : divya@nttmcl.com > > > > > *************************************************************************** > > > > -- > > Brian <brian@Awfulhak.org> <brian@FreeBSD.org> > > <http://www.Awfulhak.org> <brian@OpenBSD.org> > > Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk> > > > > > > > > --KAA00746.932634953/keep.lan.Awfulhak.org-- > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- WBW Andy V. Oleynik (When U work in virtual office prime.net.ua's U have good chance to obtain system administrator virtual money ö%-) +380442448363 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37982866.A3A18B3D>