How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 2341 http://tools.ietf.org/html/rfc2341

The Layer 2 Forwarding protocol (L2F) permits the tunneling of the link layer of higher layer protocols. Using such tunnels it is possible to divorce the location of the initial dial-up server from the location at which the dial-up protocol connection is terminated and access to the network provided.
The format of the packet is shown in the following illustration:

 
13 16 24 32
F K P S 0 0 0 0 0 0 0 0 C
Ver
Protocol
Sequence (opt)
Multiplex ID
 
Client ID
Length
 
Payload offset
Packet key (optional)
Payload
Checksum
L2F packet structure

Version
The major version of the L2F software creating the packet.

Protocol

The protocol field specifies the protocol carried within the L2F packet.

Sequence
The sequence number is present if the S bit in the L2F header is set to 1.

Multiplex ID
The packet multiplex ID identifies a particular connection within a tunnel.

Client ID
The client ID (CLID) assists endpoints in demultiplexing tunnels.

Length
The length is the size in octets of the entire packet, including the header, all the fields and the payload.

Payload offset
This field specifies the number of bytes past the L2F header at which the payload data is expected to start. This field is present if the F bit in the L2F header is set to 1.

Packet key
The key field is present if the K bit is set in the L2F header. This is part of the authentication process.

Checksum
The checksum of the packet. The checksum field is present if the C bit in the L2F header is set to 1.

Option Messages

When the link is initiated, the endpoints communicate to verify the presence of L2F on the remote end, and to permit any needed authentication. The protocol for such negotiation is always 1, indicating L2F management. The message itself is structured as a sequence of single octets indicating an option. When the protocol field of an L2F specifies L2F management, the body of the packet is encoded as zero or more options. An option is a single octet message type, followed by zero or more sub-options. Each sub-option is a single byte sub-option value, and followed by additional bytes as appropriate for the sub-option.
Possible option messages are:

Invalid Invalid message.
L2F CONF Request configuration.
L2F CONF NAME Name of peer sending L2F CONF.
L2F CONF CHAL Random number peer challenges.
L2F CONF CLID Assigned CLID for peer to use.
L2F OPEN Accept configuration.
L2F OPEN NAME Name received from client.
L2F OPEN CHAL Challenge client received.
L2F OPEN RESP Challenge response from client.
L2F ACK LCP1 LCP CONFACK accepted from client.
L2F ACK LCP2 LCP CONFACK sent to client.
L2F OPEN TYPE Type of authentication used.
L2F OPEN ID ID associated with authentication.
L2F REQ LCP0 First LCP CONFREQ from client.
L2F CLOSE Request disconnect.
L2F CLOSE WHY Reason code for close.
L2F CLOSE STR ASCII string description.
L2F ECHO Verify presence of peer.
L2F ECHO RESP Respond to L2F_ECHO

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT