I'm running Wireshark 1.2.10 on Fedora 13 and trying to capture traffic across the VPN tunnel to my office. I'm using Cisco's VPN client for Linux. When I capture the traffic I see my requests going out but I don't see the responses coming back. I know they are coming back because the internal web sites I'm going to display just fine. I just don't see the return traffic in Wireshark. This is a clean install of Wireshark and I haven't created or applied any capture or display filters.
asked 17 Sep '10, 04:57
There are many problems reported with not seeing traffic one way or even both ways when VPN software is installed on Windows. I suspect the same kind of problems can manifest themselves on other OSes with VPN software. The problem is that the VPN has to nest itself somewhere low in the TCP/IP stack to be able to get to the packets in time. This might interfere with libpcap's ability to get to the packets.
answered 17 Sep '10, 10:43