Wireshark mailing list archives

Re: PPP capture


From: Gisle Vanem <gvanem () yahoo no>
Date: Tue, 12 Jan 2016 10:22:59 +0100

Yang Luo wrote:

AFAIK, Npcap/WinPcap works on the data link level and it sees the Ethernet frames. In my understanding, VPN SSL (https)
or raw HTTP is just data of high-levels (IP packets) for Npcap/WinPcap. I don't know if it's appropriate or viable for
Npcap/WinPcap to see this data.

The original WinPcap can see such un-encrypted traffic if built
with '-DHAVE_WANPACKET_API'. It worked very well for me for years when
I used a VPN connection. In such a case, the PPTP/L2TP setup inside
Windows provides a virtual adapter you can sniff on (but no transmit
is allowed).

But whether the OP's Fortinet/Fortigate VPN works like the above is another
question. I bet it bypasses NDIS somehow.

BTW Yang, does your Npcap (in WinPcap mode?) support compiling with
  'HAVE_WANPACKET_API' too?

-- 
--gv