Hi,
At 04:21 PM 12/18/99 -0800, you wrote:
>> > > I would like to grab the ppp-setup, but when I grab from ppp0, I get
packets
>> > > as raw-IP. Does anyone know how I can grab all ppp LCP, and NCP
packets?
>> >
>> > On what operating system?
>>
>> Linux 2.2.13
>>
>> Problem is that what I get from the ppp-device is only the raw IP-data, not
>> the ppp-encapsulation.
>
>I'd have to go dive into the kernel code to see why it's doing that, and
>the connection between the link-layer Linux drivers and the SOCK_PACKET
>socket code isn't something with which I'm sufficiently familiar that
>I'd be able to find the answer quickly (it's easier for me to find the
>connection in those OSes where looking for "bpf_" in the source finds
>the tap :-)) - does anybody else know why only the IP traffic makes it
>up to SOCK_PACKETland?
Hmmm, I could have a look next month ... It probably has to do with pppd
not handing that stuff over. Perhaps pppd calls ip_input directly with an
IP datagram, and does not hand over frames. pppd man need to be hacked to
do that.
Paul Macerras (sp?) would know ...
>Or might "libpcap" on this system not be using SOCK_PACKET in the way
>the standard Linux "libpcap" does? What release of which distribution
>are you running?
>
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
