[pptp-server] Re: MPPE compression
Tim Wilson
timwilson at mediaone.net
Fri Apr 20 09:42:47 CDT 2001
You run tcpdump on the interface where tunneled packets are supposed to be.
Use the -x option to show hex packet contents, and DONT FORGET to also
use -s2048 so that tcpdump captures the whole packet (not just the first few
bytes).
Like this: tcpdump -i ethx -n -x -s2048
Look in the tcpdump output for gre-encapsulated packets--that's the tunneled
pptp data.
The first 20 bytes of that packet is the IP header. The next 12 bytes are
the gre encapsulating header (usually 20 bytes; sometimes 22 bytes).
Right after the gre header is the encapsulated PPP frame. If it's plain
ipv4, the first byte is hex 21 (a compressed version of 0x0021, the PPP
frame type for ipv4). If it's compressed/encrypted, the first byte is fd
(short for 0x00fd).
BTW, I just upgraded my kernel to 2.4.3 and it still doesn't encrypt sent
packets. Anybody else see this??
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Pete Starzewski
> Sent: Friday, April 20, 2001 9:25 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Re: MPPE compression
>
>
> This may sound like a stupid question, but just how do you confirm
> compression/encryption? I've read that people are using tcpdump.
> I tried
> it and maybe I am missing something (probably the case), but I can't see
> anything in the packet info about packets being compressed or
> encrypted. Please enlighten me.
>
> thanks,
>
> Pete
>
>
> Pete Starzewski
> Network Systems Engineer
> Green Bay Packaging Inc.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
More information about the pptp-server
mailing list