Yang Luo wrote:

> AFAIK, Npcap/WinPcap works on the data link level and it sees the Ethernet
> frames. In my understanding, VPN SSL (https) or raw HTTP is just data of
> high-levels (IP packets) for Npcap/WinPcap. I don't know if it's appropriate
> or viable for Npcap/WinPcap to see this data.

The original WinPcap can see such un-encrypted traffic if built with '-DHAVE_WANPACKET_API'. It worked very well for me for years when I used a VPN connection. In such a case, the PPTP/L2TP setup inside Windows provides a virtual adapter you can sniff on (but no transmit is allowed).

But whether the OP's Fortinet/Fortigate VPN works like the above is another question. I bet it bypasses NDIS somehow.

BTW Yang, does your NPcap (in Winpcap-mode?) support compiling with 'HAVE_WANPACKET_API' too?

--
--gv
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe