Wireshark · Wireshark-dev: Re: [Wireshark-dev] PPP capture

[Yang Luo <hsluoyb@xxxxxxxxx>]

Hi Alexis,

AFAIK, Npcap/WinPcap works on the data link level and it sees the Ethernet frames. In my understanding, VPN SSL (https) or raw HTTP is just data of high-levels (IP packets) for Npcap/WinPcap. I don't know if it's appropriate or viable for Npcap/WinPcap to see this data. Maybe a higher-level sniffer like Fiddler is more suitable for this task? Any other opinions?

Cheers,

Yang

On Tue, Jan 12, 2016 at 4:14 AM, Alexis La Goutte <alexis.lagoutte@xxxxxxxxx> wrote:

On Mon, Jan 11, 2016 at 6:16 PM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:

Hi Alexis,

Thanks to what Guy has pointed out, I will try my best on the monitor mode when I get some time. There are some buddies asking for this feature already:)

yes, i undertood too

i think, we need also to see for use npcap by default on Wireshark... winpcap is really dead !

I haven't got an idea about the PPP support, but it sounds interested. I'm a bit confused about it. What kind of support do you want for vpn? Do you want Npcap to see decrypted data or something else? And what level vpn do you want? I know pptp l2tp ipsec ssl, at least four kinds of vpn, they work differently.

It is a VPN SSL from Fortinet/Fortigate for example ! it is a VPN SSL (top of https), the idea is to have decrypted data !
 

Cheers,

Yang

On Monday, January 11, 2016, Alexis La Goutte <alexis.lagoutte@xxxxxxxxx> wrote:

Hi Yang,

Thanks for you create work on npcap ! (i waiing to try monitor mode on Windows !)

I have a question for you...

the PPP support is planned or not ? because i have some VPN (SSL) client using a virtual PPP and it should be nice to capture directly on VPN connection.

Cheers