I've built libpcap-0.4 w/ the patch, ethereal, on 2.2.14-15 w/ udma
patch, ppp 2.3.10. I only see IP traffic. I do have lcp_echo_interval
set to watch the connection, so it should be there.
Now, one interesting thing is - I'm running diald, and even though there
is a 'sl0' interface active, it doesn't show up in the capture list. Is
that because libpcap doesn't support slip interfaces?
-- Nathan
Guy Harris wrote:
>
> > > > I would like to grab the ppp-setup, but when I grab from ppp0, I get packets
> > > > as raw-IP. Does anyone know how I can grab all ppp LCP, and NCP packets?
> > >
> > > On what operating system?
> >
> > Linux 2.2.13
> >
> > Problem is that what I get from the ppp-device is only the raw IP-data, not
> > the ppp-encapsulation.
>
> I'd have to go dive into the kernel code to see why it's doing that, and
> the connection between the link-layer Linux drivers and the SOCK_PACKET
> socket code isn't something with which I'm sufficiently familiar that
> I'd be able to find the answer quickly (it's easier for me to find the
> connection in those OSes where looking for "bpf_" in the source finds
> the tap :-)) - does anybody else know why only the IP traffic makes it
> up to SOCK_PACKETland?
>
> Or might "libpcap" on this system not be using SOCK_PACKET in the way
> the standard Linux "libpcap" does? What release of which distribution
> are you running?
--
------------------------------------------------------------
Nathan Neulinger EMail: nneul@xxxxxxx
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
