Yang Luo wrote:
> AFAIK, Npcap/WinPcap works on the data link level and it sees the Ethernet frames. In my understanding, VPN SSL (https)
> or raw HTTP is just data of high-levels (IP packets) for Npcap/WinPcap. I don't know if it's appropriate or viable for
> Npcap/WinPcap to see this data.
The original WinPcap can see such un-encrypted traffic if built
with '-DHAVE_WANPACKET_API'. It worked very good for me for years when
I used a VPN connection. In such case, the PP2TP/L2TP setup inside
Windows provides a virtual adapter you can sniff on (but no transmit
is allowed).
But if the OP's Fortinet/Fortigate VPN works like the above, is another
question. I bet it bypasses NDIS somehow.
BTW Yang, do your NPcap (in Winpcap-mode?) support compiling with
'HAVE_WANPACKET_API' too?
--
--gv