Hi, Usually to solve a potential network issue you'll prefer to capture the frames before they are encrypted. But if you want to see the IPSec frames or the tunnel, I usually place a hub on the link of the PC I want to capture and use a laptop running Wireshark and capture promiscuously.
Regards. =========================================== André Noël Analyste principal - protocoles Bell Canada / Groupe Exploitation -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Ulf Lamping Envoyé : May 16, 2007 1:27 À : George A. Kantsios; Community support list for Wireshark Objet : Re: [Wireshark-users] Sniffing Cisco VPN packets George A. Kantsios wrote: > Need a little help and appreciate any guidance and direction you can offer. > I am trying to sniff packets before and after a cisco VPN adapter on a > Windows XP box. When I sniff the VPN adapter I see the unencrypted packets. > When I sniff the physical network device, I get almost no traffic, even when > I send a huge file over the network? Why can't I see the encrypted packets Well, given the fact that there were lot's of problems with VPN software (incl. Cisco VPN) reported - from not seeing any interfaces to crashing various software parts, I would say you can be glad that you see any traffic at all ... See http://wiki.wireshark.org/CaptureSetup/InterferingSoftware for some more details and http://wiki.wireshark.org/CaptureSetup in general. Regards, ULFL _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
