This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey guys, I need to capture all traffic which is not going through tun0 (openvpn). I have no idea which capture-filter I should use. I hope someone can help me.

asked 03 Mar '15, 13:12

alexo90's gravatar image

alexo90
6112
accept rate: 0%


The OpenVPN traffic usually uses a "real" network card to transport the tunneled data. Default would be on UDP port 1194, so if you capture on your network card you could exclude the tunnel port, e.g. by using "not udp port 1194"

permanent link

answered 03 Mar '15, 13:17

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

I need to capture all traffic which is not going through tun0 (openvpn).

well, then don't capture on tun0.

If you need to capture on multiple interfaces, you can use several -i statements. Recent versions of Wireshark/dumpcap/tcpdump do support capturing on multiple interfaces, so you don't have to use '-i any'.

Another idea is to set a filter on the IP addresses you don't need. Check the routing table to figure out which subnets are being routed to tun0, then use the following capture filter for those networks.

not net 10.x.x.0/24 and not net 10.y.y.0/24 and not ....

Regards
Kurt

permanent link

answered 03 Mar '15, 14:20

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 03 Mar '15, 14:30

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×549
×45
×1

question asked: 03 Mar '15, 13:12

question was seen: 3,466 times

last updated: 03 Mar '15, 14:30

p​o​w​e​r​e​d by O​S​Q​A