[Winpcap-users] Using winpcap on a VPN

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Mar 14 00:26:35 GMT 2007

----- Original Message ----- 
From: "Gaming Mouse" <gaming_mouse at yahoo.com>
To: <winpcap-users at winpcap.org>
Sent: Monday, March 12, 2007 8:20 PM
Subject: Re: [Winpcap-users] Using winpcap on a VPN

>>> I am using winpcap (via jpcap) to try to sniff packets being sent over a
>>> VPN.  I have a simple test program that works fine and captures all
>>> traffic when I am using my wireless connection with no VPN.  In this
>>> case, I choose the device id corresponding to my wireless card.
>>> However, if I run the VPN and choose the device id for the dialup
>>> adapter, I get a message saying that the device cannot be opened.
>>> How can I make this work?
>> I need some more details: which kind of VPN are you using? Which VPN
>> client in particular?
> Hi Gianluca, thanks for the reply.
> I am simply using the windows VPN, the kind that you create in Network
> connections.  The server that I VPN into is just a Windows 2003 Standard
> Server with RRAS setup on it.  So everything is built-in windows
> stuff... no 3rd party software.
>> Can you please file a bug report as explained here:
>> http://www.winpcap.org/bugs.htm
> I will do this, but I just want to make sure before I do that I am not
> making some simple mistake.  If you could give me any further info I'd
> appreciate.  If you need it, also, I'd be happy to post my test code.
> Please let me know.

If you are using the vanilla VPN stuff from microsoft, it's most probably 
PPTP. In that case WinPcap should work without any problem.

Before the connection is established, at all times, you can see a fake 
adapter called "generic dialup adapter". You can use that adapter to capture 
all the management frames used to establish the connection. After the 
connection is established, a new adapter appears, as well, usually called 
PPP/SLIP connection or similar. You can basically capture the same identical 
packets on the two adapters. All the frames will be encapsulated into a 
(fake) ethernet packet. The first thing i would try to do to check that 
everything works is trying windump (or wireshark) and see if wireshark 
captures on those adapters. If it works, I kinda have a suspect as to the 
source of the issue with jpcap (and it's related to COM). Which OS are you 

Have a nice day

> Thanks,
> gm
> ____________________________________________________________________________________
> Finding fabulous fares is fun.
> Let Yahoo! FareChase search your favorite travel sites to find flight and 
> hotel bargains.
> http://farechase.yahoo.com/promo-generic-14795097
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 

More information about the Winpcap-users mailing list