l2tp Packet is not pulling sessionID #118

Open
lovejotd opened this issue Dec 18, 2020 · 10 comments

Comments

@lovejotd

When I run analysis on an L2TP packet, the session ID is showing up as 0, but when I open the same packet in Wireshark, it shows the session ID as 4000. Checking the bytes, it also looks like it should be 4000.

@PhyxionNL
Collaborator

Probably a parsing error. If the bytes are correct, you can take a look here and try to fix it (a test for this would be useful too):
https://github.com/chmorgan/packetnet/blob/2775ea7f8fef4edee445ef7087eaa04a3612c920/PacketDotNet/L2tpPacket.cs#L73

@lovejotd
Author

I can add a test for it. Doesn't seem as though I have permissions to create a branch.

@PhyxionNL
Collaborator

You don't, but you can create a fork and then submit a PR 🙂

@lovejotd
Author

Sorry, this is my first time... Not sure if I am testing the way you guys are, because my test is different. I uploaded a PR of my test. Let me know what you think.

@chmorgan
Collaborator

chmorgan commented Jan 6, 2021

@lovejotd wasn't sure if you saw my comment on your PR. I'd like to look at the packet you captured in Wireshark and look at the test results. Do you have that .pcap file still? If so can you upload it here?

@lovejotd
Author

lovejotd commented Jan 6, 2021

@chmorgan No problem, yes, I still have it. I got it from a test capture site - https://packetlife.net/captures/protocol/l2tp/

You can download it here - https://packetlife.net/media/captures/icmp_in_l2tpv3.cap

Let me know if you have any questions.

@chmorgan
Collaborator

chmorgan commented Jan 6, 2021

@lovejotd alright, so after looking at that capture file and the l2tppacket dissector the issue is that there are multiple versions of l2tp packets. The one being tested is v2 but the one you are testing with is v3. From the RFCs it looks like the format of the packets differs.

I'm also not sure if the parser covers all of the cases for l2tp v2 packets either.

It might make sense to extend that class but there would be properties of the class that wouldn't be valid for some versions of the packet.

@chmorgan
Collaborator

chmorgan commented Jan 7, 2021

@lovejotd @PhyxionNL as a heads up the current plan is to make a class that will create the appropriate version of the L2TP packet based upon the version field. Similar to how OspfPacket.ConstructPacket() works. Hope to have it wrapped up in a few days and a PR open.

@lovejotd
Author

Was there any movement on this? Thanks!

@chmorgan
Collaborator

@lovejotd I started working on it and got side-tracked due to far too many projects and no immediate use for this.

I can push my work in progress to a branch if you'd like to take a look. It's basically the same approach as we do with other parsers that have multiple versions, we check the version and instantiate the correct version class.
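
Added example, not part of the thread and not PacketDotNet code: a header parser that checks the version field and builds a version-specific header object, the approach described in the comments above. It assumes L2TP over UDP with the header layouts of RFC 2661 (v2) and RFC 3931 (v3); every type and method name is hypothetical, and the sample bytes are constructed rather than taken from the capture.

```csharp
using System;

// Constructed bytes (not from the capture): an L2TPv3-over-UDP data header, session ID 4000.
byte[] v3Data = { 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x0F, 0xA0 };
Console.WriteLine(L2tpHeaderParser.Parse(v3Data));                 // version-aware parse
Console.WriteLine(L2tpHeaderParser.SessionIdAtV2Offsets(v3Data));  // v2 layout applied to v3 bytes

// Hypothetical types for this sketch; they are not PacketDotNet classes.
public abstract record L2tpHeader(int Version, bool IsControl);
public sealed record L2tpV2Header(bool IsControl, ushort TunnelId, ushort SessionId) : L2tpHeader(2, IsControl);
public sealed record L2tpV3DataHeader(uint SessionId) : L2tpHeader(3, false);
public sealed record L2tpV3ControlHeader(uint ControlConnectionId) : L2tpHeader(3, true);

public static class L2tpHeaderParser
{
    // All multi-byte fields are big-endian (network byte order).
    static ushort U16(ReadOnlySpan<byte> b, int o) => (ushort)((b[o] << 8) | b[o + 1]);
    static uint U32(ReadOnlySpan<byte> b, int o) => ((uint)U16(b, o) << 16) | U16(b, o + 2);

    // Bounds check before every read so a truncated packet fails with a clear error.
    static ReadOnlySpan<byte> Require(ReadOnlySpan<byte> b, int n) =>
        b.Length >= n ? b : throw new ArgumentException($"truncated L2TP header: need {n} bytes");

    // v2: 16-bit tunnel ID and session ID follow the optional 16-bit Length (L bit, 0x40).
    static int V2IdsOffset(ReadOnlySpan<byte> b) => (Require(b, 2)[0] & 0x40) != 0 ? 4 : 2;

    // What a v2-only parser reads as "session ID", whatever version the packet really is.
    public static ushort SessionIdAtV2Offsets(ReadOnlySpan<byte> b)
    {
        int o = V2IdsOffset(b);
        return U16(Require(b, o + 4), o + 2);
    }

    public static L2tpHeader Parse(ReadOnlySpan<byte> b)
    {
        bool control = (Require(b, 2)[0] & 0x80) != 0;   // T bit: control message
        int o = V2IdsOffset(b);
        return (b[1] & 0x0F) switch                      // Ver is the low nibble of byte 1
        {
            2 => (L2tpHeader)new L2tpV2Header(control, U16(Require(b, o + 4), o), U16(b, o + 2)),
            // v3 control: Length at bytes 2-3, 32-bit Control Connection ID at bytes 4-7.
            3 when control => new L2tpV3ControlHeader(U32(Require(b, 8), 4)),
            // v3 data: 16 reserved bits at bytes 2-3, 32-bit Session ID at bytes 4-7.
            3 => new L2tpV3DataHeader(U32(Require(b, 8), 4)),
            var v => throw new NotSupportedException($"unsupported L2TP version {v}"),
        };
    }
}
```

Read at v2 offsets, the v3 data header's session field yields only the upper 16 bits of the 32-bit ID, which are zero for an ID of 4000 (0x00000FA0).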
