From owner-freebsd-questions Fri Jul 23 1:32:32 1999 Delivered-To: freebsd-questions@freebsd.org Received: from volodya.prime.net.ua (volodya.prime.net.ua [195.64.229.17]) by hub.freebsd.org (Postfix) with ESMTP id 60B5D15726 for ; Fri, 23 Jul 1999 01:31:45 -0700 (PDT) (envelope-from andyo@prime.net.ua) Received: from prime.net.ua (localhost [127.0.0.1]) by volodya.prime.net.ua (8.9.3/8.8.8) with ESMTP id LAA01100; Fri, 23 Jul 1999 11:31:38 +0300 (EEST) (envelope-from andyo@prime.net.ua) Message-ID: <37982866.A3A18B3D@prime.net.ua> Date: Fri, 23 Jul 1999 11:31:35 +0300 From: "Andy V. Oleynik" Organization: M-Info X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.2-STABLE i386) X-Accept-Language: en, ru, uk MIME-Version: 1.0 To: Divya Mehra Cc: freebsd-questions@FreeBSD.ORG Subject: Re: bpf and user PPP ( tun0 ) References: Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG ppp encapsulate different network protocols such as tcp inside its own packets. U cannot trace ppp with tcpdump 'cos tcpdump works with IP module wich is ontop of the link layer which ppp does. Divya Mehra wrote: > Thanks for the value input ! > > I am still not clear about the following : > > Can tcpdump be used to capture ppp control packets ( req,ack etc) > After starting ppp0 and a ping over it, tcdump could dump the ping > packets. But I could not dump the PPP control packets. > > Is there some way to dump the ppp control packets ? > > Thanks, > Divya > > ************************************************************************** > Divyashikha Mehra NTT Multimedia Communications Laboratories > Computer Systems Designer 250 Cambridge Avenue, Suite 205 > 650-833-3655 (Voice) Palo Alto, CA 940040, USA. > mailto : divya@nttmcl.com > *************************************************************************** > > On Thu, 22 Jul 1999, Brian Somers wrote: > > > > > > I invoked the BIOSETIF command before actually reading the the ppp > > > packets. > > > > > > 1) For tun0 i.e user PPP it returns error "Network down". > > > Only after PPP is up can I proceed further ( IPCP phase up). So I could > > > not capture any PPP packets. Is my approach correct ? > > > > As soon as ppp opens the tun device, it brings it UP. If you're > > getting "Network down" this should mean that ppp isn't running on > > that interface. > > > > > BIOGCGDLT returns DLT_NULL . Is that correct ? should it not be > > > returning DLT_PPP ? > > > > Dunno, I've never gone near the bpf device - tcpdump is the height of > > my knowledge in this area. However, DLT_NULL makes a lot of sense as > > bpf has no clue what's got the tun device open. > > > > > 2) For ppp0 what should BIOGDLT be returning ? > > > > I don't know much about the ppp interface - except that the code > > stinks :-I I would *expect* DLT_PPP, but again, bpf doesn't know, so > > I wouldn't be that surprised if it return DLT_NULL too. > > > > Disclaimer: I haven't looked at the if_ppp code to answer this, nor > > do I want to ;^1 > > > > > thanks, > > > Divya > > > > > > > > > ************************************************************************** > > > Divyashikha Mehra NTT Multimedia Communications Laboratories > > > Computer Systems Designer 250 Cambridge Avenue, Suite 205 > > > 650-833-3655 (Voice) Palo Alto, CA 940040, USA. > > > mailto : divya@nttmcl.com > > > *************************************************************************** > > > > > > > > > On Tue, 20 Jul 1999, Brian Somers wrote: > > > > > > > > Hi, > > > > > > > > > > Can anyone tell me if bpf support user ppp packet ( tun 0 device) or it > > > > > can be used only for kernel ppp ( ppp0 device ) ? > > > > > > > > Yes. > > > > > > > > > If it can support user ppp then what value should BIOSETIF be returning > > > > > when bpf is to be used for reading ppp packets? > > > > > > > > >From the bpf man page: > > > > > > > > BIOCSETIF (struct ifreq) Sets the hardware interface associate with > > > > the file. This command must be performed before any pack- > > > > ets can be read. The device is indicated by name using > > > > the ifr_name field of the ifreq structure. Additionally, > > > > performs the actions of BIOCFLUSH. > > > > > > > > > Thanks, > > > > > Divya > > > > > > > > > > ************************************************************************** > > > > > Divyashikha Mehra NTT Multimedia Communications Laboratories > > > > > Computer Systems Designer 250 Cambridge Avenue, Suite 205 > > > > > 650-833-3655 (Voice) Palo Alto, CA 940040, USA. > > > > > mailto : divya@nttmcl.com > > > > > *************************************************************************** > > > > -- > > Brian > > > > Don't _EVER_ lose your sense of humour ! > > > > > > > > --KAA00746.932634953/keep.lan.Awfulhak.org-- > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- WBW Andy V. Oleynik (When U work in virtual office prime.net.ua's U have good chance to obtain system administrator virtual money ö%-) +380442448363 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message