This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I can not capture my fortiClient interface

0

Hi all,

I have a Windows 7 PC running wireshark. I connect to another network using Fortinet FortiClient. I need to capture the traffic going through this interface but I can not see this interface in the interfaces list. Reinstalling wireshark didnt help.

Do anybody knows how can I add FortiClient interface to wireshark and capture?

SSL VPN Forticlient version : 4.0.2143

Wireshark Version 1.8.5

asked 03 Apr '13, 02:17

uyuce's gravatar image

uyuce
1111
accept rate: 0%

I upgraded to

wireshark Version 1.8.6 Forticlient:5.0.2.225

Now I can see the Forticlient interface on the interfaces list but the IP is 0.0.0.0 and I do not see any packets flowing on this interface.

Don't konw how to fix it.

(03 Apr '13, 02:57) uyuce

One Answer:

0

Does the FortiClient create a PPP interface? Can you start your SSL-VPN tunnel before starting Wireshark? Does Wireshark correctly list the IP address of the PPP interface when started after establishing the tunnel? Does it show any packets then?

answered 03 Apr '13, 03:01

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Yes FortiClient create a PPP interface. I did stop wireshark and Forticlient. Started VPN and after that started wireshark. Wireshark again listed the IP address as 0.0.0.0 and showed no packets. When I check all of the ınterfaces and monitor, I can not see any packets going through the fortinet eighter.

(03 Apr '13, 03:13) uyuce

(please use "add a comment" instead of adding a new answer when adding a reaction to an answer, please see the FAQ for details)

OK, Wireshark uses WinPcap to list interfaces and to capture from the interfaces. If WinPcap is not able to capture from the FortiClient's PPP interface, you can contact the WinPcap team at http://www.winpcap.org/contact.htm

(03 Apr '13, 03:19) SYN-bit ♦♦