Ethereal-users: [Ethereal-users] capturing on win2k using virtual adapter from cisco vpn client

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jim Schulze" <jim.schulze@xxxxxxxxx>
Date: Thu, 29 May 2003 08:41:48 -0400
I was wondering if anyone has had experience with running captures of pre-tunneled traffic on a Win2k machine running the Cisco VPN client 4.01 release.

Part of the changes with the 4.x release VPN client is that now there is a virtual adapter that comes online when the client is connected in a VPN tunnel.  My problem is that you can capture traffic from this virtual interface; however, you only see rx traffic, no trx traffic.  When you capture from the Ethernet interface, you see both trx and rx traffic; however, it is IPsec tunneled/encapsulated; in this case the capture works perfectly as designed.  So it appears that from the virtual adapter you are seeing the traffic before it becomes encrypted; however, the transmit traffic is missing for whatever reason.

I don't think this is necessarily an Ethereal problem.  I am just wondering if anyone has spent any time trying to figure out why no trx traffic is seen from ethereal or tethereal when capturing on the VPN client virtual interface, and if you have figured it out or found a fix, any assistance would be greatly appreciated.

Thanks,

--JS