Hi,
Usually to solve a potential network issue you'll prefer to capture the frames before they are encrypted. But if you want to see the IPSec frames or the tunnel, I usually place a hub on the link of the PC I want to capture and use a laptop running Wireshark and capture promiscuously.
Regards.
===========================================
André Noël
Analyste principal - protocoles
Bell Canada / Groupe Exploitation
-----Message d'origine-----
De : wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] De la part de Ulf Lamping
Envoyé : May 16, 2007 1:27
À : George A. Kantsios; Community support list for Wireshark
Objet : Re: [Wireshark-users] Sniffing Cisco VPN packets
George A. Kantsios wrote:
> Need a little help and appreciate any guidance and direction you can offer. I am trying to sniff packets before and after a cisco VPN adapter on a Windows XP box. When I sniff the VPN adapter I see the unencrypted packets. When I sniff the physical network device, I get almost no traffic, even when I send a huge file over the network? Why can't I see the encrypted packets
Well, given the fact that there were lot's of problems with VPN software
(incl. Cisco VPN) reported - from not seeing any interfaces to crashing
various software parts, I would say you can be glad that you see any
traffic at all ...
See http://wiki.wireshark.org/CaptureSetup/InterferingSoftware for some
more details and http://wiki.wireshark.org/CaptureSetup in general.
Regards, ULFL
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
