docs: add chapter "Capturing and analysing tunneldigger packets"
Add tcpdump pcap filter examples and describe
how to use the wireshark dissector.
lynxis committed Mar 18, 2021
1 parent e73e051 commit 72a0d06
Showing 3 changed files with 55 additions and 0 deletions.
52 changes: 52 additions & 0 deletions docs/capture_analyse_packets.rst
@@ -0,0 +1,52 @@
Capturing and analysing tunneldigger packets
############################################

Example pcap filter using tcpdump
*********************************

See :ref:`PDU types`

capture control traffic
^^^^^^^^^^^^^^^^^^^^^^^

.. code:: sh
# capture all tunneldigger control traffic
tcpdump -i eth0 -w /tmp/output.pcap 'udp port 8942 and udp[8] == 0x80'
capture only USAGE packets
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code:: sh
# capture only USAGE packets
tcpdump -i eth0 -w /tmp/output.pcap 'udp port 8942 and udp[8] == 0x80 and udp[12] == 0x0a'
capture control packets except KEEPALIVE, PMTUD, PMTUD_ACK, PMTUD_NTFY
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code:: sh
# capture control packets except KEEPALIVE, PMTUD, PMTUD_ACK, PMTUD_NTFY
tcpdump -i eth0 -w /tmp/output.pcap 'udp port 8942 and udp[8] == 0x80 and (udp[12] != 5 && udp[12] != 6 && udp[12] != 7 && udp[12] != 9)'
Using wireshark
***************

There is a `custom dissector <https://github.com/wlanslovenija/tunneldigger/blob/master/docs/wireshark-tunneldigger.lua>`_ for tunneldigger written in lua. The dissector is registered as **TD**.

To use the wireshark dissector call wireshark with:

.. code:: sh
cd tunneldigger/docs/
wireshark -Xlua_script:wireshark-tunneldigger.lua
Wireshark might decode the user data as a different protocol (e.g. Cisco HDLC). This can be changed by:

* Click on "wrong" protocol in "Packet Details" pane (usually the pane in the middle).
* Right mouse click, select **Decode As** (Ctrl-Shift-U).
* A new window with decodes should open
* A new row should be already created. The field should be called **L2TPv3 payload type**.
* Select **Ethernet** in the **Current** column.
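Review bot: the three `.. code:: sh` directives as shown have their bodies flush-left and no blank line between the last command and the following section title (e.g. the `tcpdump` line is immediately followed by `capture only USAGE packets`); docutils needs the directive content indented and a blank line before the next heading, so please check that the indentation survives in the file, otherwise the commands render as plain paragraphs or the build fails on the directive. The filter offsets also deserve a sentence of explanation instead of only "See :ref:`PDU types`": `udp[8]` is the first byte of the UDP payload (the UDP header is 8 bytes) and `udp[12]` is the byte the filters use as the PDU type, which is what the reader is being sent to the protocol chapter for. Using one radix for the type constants (`0x0a` in the USAGE filter, `5`, `6`, `7`, `9` in the next one) and naming the type each number stands for in the comment would make the filters easier to adapt. Port 8942 is hard-coded in all three filters; a note that it must match the port the broker is actually configured with would avoid empty captures. Minor: "lua" should be "Lua", and the last bullet list mixes imperative and descriptive items ("Click on ..." vs. "A new window with decodes should open"); a consistent form reads better.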
1 change: 1 addition & 0 deletions docs/index.rst
@@ -25,6 +25,7 @@ Contents
server
client
protocol
capture_analyse_packets

Source Code and Issue Tracker
-----------------------------
2 changes: 2 additions & 0 deletions docs/protocol.rst
@@ -38,6 +38,8 @@ All fields are encoding as network byte order.
* Type of the PDU
* Length of the value

.. _PDU types:

PDU types
^^^^^^^^^

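Review bot: the new `.. _PDU types:` label is correctly surrounded by blank lines and its name matches the `:ref:`PDU types`` used in the new chapter exactly (the space in the label name is allowed by docutils, but it has to be reproduced verbatim in every reference, so keep that in mind for future links). Since the hunk touches this spot anyway, the context line "All fields are encoding as network byte order." should read "encoded".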