openl2tp.org
http://forums.openl2tp.org/

Improved L2TP support for Wireshark
http://forums.openl2tp.org/viewtopic.php?f=4&t=113

Author:  jchapman [ Tue Sep 11, 2012 5:43 pm ]
Post subject:  Improved L2TP support for Wireshark

We've contributed several enhancements to Wireshark's L2TP support:

  • Automatic UDP ephemeral port tracking of L2TP connection establishment. When ephemeral UDP ports are used, it is no longer necessary to select UDP packets and use "Decode As -> L2TP".
  • Auto-detection of L2TPv3 L2SpecificHeader, Cookie and PseudowireType session parameters during session establishment. This means that Wireshark no longer requires user intervention to correctly decode the content of data carried in L2TPv3 sessions.
  • L2TPv3 MD5 and SHA1 Message Digest checking.
  • L2TPv3 Control Message Authentication checking.

If the session setup control message exchange is not available in the capture, the user can manually tell Wireshark the session parameters (PseudowireType, Cookie, etc.) to allow Wireshark to dissect the L2TP data packets.

The L2TPv3 Message Digest and Authentication checking feature lets users enter the L2TP shared secret by clicking on a packet in the conversation, then in the lower (middle) pane, right click on "> Layer 2 Tunneling Protocol version 3", then select "Protocol Preferences", then click on "Shared Secret". Wireshark will then highlight any packet in the conversation that it thinks has the wrong digest.

At this time, there is no official release with this support so you will need to build it from source to try it out. You can obtain the latest Wireshark source code from their anonymous svn repository at: http://anonsvn.wireshark.org/wireshark/trunk. Any version from r44879 has the above features. So please check it out and let us know what you think.

All times are UTC [ DST ]