Is it possible to attach Wireshark to a VPN?

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
I've got a couple of apps which work locally, but fail over a VPN. Unfortunately, the app diagnostics aren't helpful as to the reason for the failure.

I'd like to be able to watch the app's traffic to try and help investigate.

I'm currently using the Shrew Soft VPN client, and would prefer to monitor on the client end, but Wireshark won't attach to the VPN driver.

Any suggestions? Or does this have to be done at the aggregator?
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
In general it's very much possible; I'm connected to my work VPN via VPNC and just used tcpdump on the tun0 interface that's associated with the tunnel. Since it's not working for you, you're running into some problem or restriction with Windows or the Shrew Soft client.

Actually, I just tested Wireshark sniffing a tunnel with the Cisco IPSec VPN client and it worked there too. So it's either a bug or an intentional restriction in the Shrew Soft driver.
 

Mark R

I'll give it a try with the Cisco VPN client. This is what I should have been using, but I'd been unable to get it to work on W8 x64.

Anyway, I've now found the problem with the Cisco client. I'd loaded the PCF off a CD. The Cisco client will import a PCF off a CD, but will crash when you try to connect with it. I'd been tinkering with this this evening from home, and couldn't get it to work.

The solution I have found is to copy the PCF file to the desktop, and import it from there. This works fine. Except, having now done that, I find that my account has been locked out, due to too many failed connections!

Once I get my account unlocked (sadly, this will have to wait until tomorrow as I will have to visit security in person) I'll have a go at wiresharking it.
 

Nothinman

It could also be something about Win8; I tested on Linux and Win7.

Maybe it would be simpler to test within a VM. Again, this is on Linux, but each VM network has a network device (e.g. vmnet1) which can be sniffed on just fine; I just tried that too.
 

Mark R

> It could also be something about Win8; I tested on Linux and Win7.
>
> Maybe it would be simpler to test within a VM. Again, this is on Linux, but each VM network has a network device (e.g. vmnet1) which can be sniffed on just fine; I just tried that too.

Actually. That's a great idea!
I think I'll set that up.
Thx.
 

Nothinman

> Actually. That's a great idea!
> I think I'll set that up.
> Thx.

Actually, I was just thinking that you won't get the decrypted data that way, so you'll probably have to do it within the OS establishing the tunnel. I had forgotten that my Linux host was connected to a VPN and not the guest when I did my test a few minutes ago, so the traffic I saw was unencrypted because the host OS decrypted it.
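
The point in the last post, as an added example that is not part of the original thread: a quick check of whether a capture was taken outside the tunnel (only ESP/AH or IKE/NAT-T on UDP 500/4500, so the application traffic is still encrypted) or inside it (cleartext application packets). The function names and sample packets are hypothetical and constructed here; input is assumed to be raw IPv4 packets with the link-layer header already stripped.

```python
import socket
import struct

ESP, AH, UDP, TCP = 50, 51, 17, 6   # IP protocol numbers
IKE_PORTS = {500, 4500}             # IKE and NAT-T (ESP-in-UDP)

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet 'tunnel' (IPsec/IKE), 'clear' or 'unknown'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "unknown"                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    proto = packet[9]
    if proto in (ESP, AH):
        return "tunnel"
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return "tunnel"
    return "clear"

def capture_side(packets) -> str:
    """'outer': only encrypted tunnel traffic seen; 'inner': only cleartext."""
    labels = {classify(p) for p in packets} - {"unknown"}
    if labels == {"tunnel"}:
        return "outer"
    if labels == {"clear"}:
        return "inner"
    return "mixed" if labels else "unknown"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.1")) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    """Build a UDP datagram (constructed sample, checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed samples: what a sniffer sees outside vs. inside the tunnel.
OUTER = [ipv4(ESP, bytes(24)), ipv4(UDP, udp(4500, 4500, bytes(24)))]
INNER = [ipv4(TCP, bytes(20)), ipv4(UDP, udp(53000, 53, bytes(12)))]

if __name__ == "__main__":
    print("capture outside the tunnel endpoint:", capture_side(OUTER))
    print("capture on the tunnel interface:", capture_side(INNER))
```

A "mixed" result is what a physical-interface capture looks like when other local traffic or split tunnelling is present alongside the tunnel.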