-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
l2tp Packet is not pulling sessionID #118
Comments
Probably a parsing error, if the bytes are correct you can take a look here and try to fix it (a test for this would be useful too): |
I can add a test for it, Doesn't seem as though I have permissions to create a branch |
You don't, but you can create a fork and then submit a PR 🙂 |
Sorry this is my first time... Not sure if I am testing the way you guys are, cause my test is different, I uploaded a PR of my test, Let me know what you think |
@lovejotd wasn't sure if you saw my comment on your PR. I'd like to look at the packet you captured in Wireshark and look at the test results. Do you have that .pcap file still? If so can you upload it here? |
@chmorgan No problem, Yes I still have it. I got it from a test capture site - https://packetlife.net/captures/protocol/l2tp/ You can download it here - https://packetlife.net/media/captures/icmp_in_l2tpv3.cap Let me know if you have any questions |
@lovejotd alright, so after looking at that capture file and the l2tppacket dissector the issue is that there are multiple versions of l2tp packets. The one being tested is v2 but the one you are testing with is v3. From the RFCs it looks like the format of the packets differs. I'm also not sure if the parser covers all of the cases for l2tp v2 packets either. It might make sense to extend that class but there would be properties of the class that wouldn't be valid for some versions of the packet. |
@lovejotd @PhyxionNL as a heads up the current plan is to make a class that will create the appropriate version of the L2TP packet based upon the version field. Similar to how OspfPacket.ConstructPacket() works. Hope to have it wrapped up in a few days and a PR open. |
Was there any movement on this? Thanks! |
@lovejotd I started working on it and got side-tracked due to far too many projects and no immediate use for this. I can push my work in progress to a branch if you'd like to take a look. It's basically the same approach as we do with other parsers that have multiple versions, we check the version and instantiate the correct version class. |
When I run analysis on a L2tp Packet, the session ID is showing up as 0, but when I open the same packet in wireshark, It shows the session ID as 4000? Checking the Bytes, it also looks like it should be 4000.
The text was updated successfully, but these errors were encountered: