Ok here is my issue....... We r using an Ipsec tunnel which is a bunp to stack... Now in linux it creates a virtual interface called ipsec0... Ethreal on linux uses libpcap and is able to dispaly the packets (decrypted) coming on this interface.
Now in windows I am using ssh software for creating a tunnel. this creates a virtual interface on the registry so whern i search for the devices, this new virtual device also shows up. But ethereal in windows doesnt show the packets coming on this interface. Since ethereal uses winpcap & libpcap respectively .... y the diff in its behaviour for listening on the virtual interface? That apart... after creating this virtual interface on windows, i tried to use the winpcap 1. Netmask cannot be obtained if I try using the vitual interface From what I gather the virtual interfaces dont have IP and netmask attributes assigned in the registry like non-virtual ones.............. Gianluca Varenni writes: > > ----- Original Message ----- > From: "Pradeep Victor" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, August 28, 2002 3:54 AM > Subject: [WinPcap-users] IPSEC packets > > >> Hi is it possible to capture the packets at the ipsec level after > decrytion >> using the winpcap functions? > > No. WinPcap captures packets as they reach the network adapter. > >> >> Does wincap has functions similar to windump to decrypt the packets > captured >> at the link layer? >> > > WinPcap and windump are different things: > > -winpcap is a library (more precisely, it's an architecture) to capture raw > data from the network. > -windump is an app to decode network packets. > > If you want to decrypt IPsec, you have to decode it on your own (but you > have the windump/tcpdump sources, you can use them!). > > GV > > >> Thanks >> Pradeep >> >> >> ================================================================== >> This is the WinPcap users list. It is archived at >> http://www.mail-archive.com/[email protected]/ >> >> To unsubscribe use >> mailto: [EMAIL PROTECTED]?body=unsubscribe >> ================================================================== >> > > > > > > ================================================================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/[email protected]/ > > To unsubscribe use > mailto: [EMAIL PROTECTED]?body=unsubscribe > ================================================================== ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/ To unsubscribe use mailto: [EMAIL PROTECTED]?body=unsubscribe ==================================================================
