On May 22, 2014, at 9:31 AM, Joan <aseques@xxxxxxxxx> wrote:
> I am trying to extract the data transmitted into a l2tp tunnel, I am running thsark/tcpdump in the tunnel terminator. What I am using so far is this (4291 is the tunnel number):
> tcpdump -n -i eth3.800 "udp port 1701 && udp[8:2] & 0x80ff == 0x0002 && udp[10:2] == 4291"
>
> I took the filter line from here http://networkingbodges.blogspot.com.es/2012/11/tshark-one-liners.html
>
> The problem is that I would like to inspect the traffic inside the tunnel
"Inspect" in what sense? Wireshark *should* be able to dissect the traffic inside the tunnel; is it not doing so, or do you want to inspect it with some other tool?
