Wireshark-dev: Re: [Wireshark-dev] decoding thru unencrypted VPN tunnel
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 13 Mar 2007 11:26:10 -0700
On Tue, Mar 13, 2007 at 10:47:44AM -0700, Bill Fassler wrote:

> My traffic is encapsulated in a VPN tunnel, when it is unencrypted I 
> can see the start of the IP protocol 5 bytes into the payload. The 
> first 5 bytes are overhead protocols for the tunnel itself (some form 
> of PPP I believe).  In any event I could care less at this time about 
> those 5 bytes and I don't even understand that protocol enough at the 
> moment to dissect and decode it (nor am I interested).

It would be best to build a dissector that understands these top 5 bytes 
and figures out that the payload is IP.  Could you send a packet trace 
with a few packets in it, so maybe we could help figure out what the 
protocol is?  


Steve