Sniffing on a VPN connection

I want to confirm this isn’t possible. Win10.

I have a VPN connection (Sonicwall) to another site and I was trying to use dumpcap to sniff the traffic. So I establish the connection, and run C:\>"c:\Program Files\Wireshark\dumpcap.exe" -D. That lists 5 interfaces. Two I recognize: the loopback and my lan. But there are 3 more I don’t, named “(Local Area Connection* _)” where _ is 6-8.

Hoping it was one of those, I then tried to determine what those were. Looking at Control Panel → Network Connections only showed the Sonicwall and my lan connection.

The only way I could find to translate those names into something meaningful was with PowerShell Get-NetAdapter -IncludeHidden. That at least told me none of those “(Local Area Connection* _)”s were the Sonicwall (which was called just “Local Area Connection” with no star or number).

Is there a way to listen in on that traffic at least from my workstation? I’m guessing the npcap driver can’t capture from my end of the VPN interface.
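The name lookup described in the post above can be scripted by joining dumpcap's device GUIDs to the adapter list. This is an added example, not part of the original thread; the install path is the one from the post, and the 'SonicWall' description match and the output file name are assumptions.

```powershell
# Added example: map each dumpcap capture device to its Windows adapter by GUID.
$dumpcap = 'C:\Program Files\Wireshark\dumpcap.exe'

# Index every adapter, hidden ones included, by interface GUID.
$adapters = @{}
Get-NetAdapter -IncludeHidden | ForEach-Object {
    $adapters[$_.InterfaceGuid.ToUpper()] = $_
}

# dumpcap -D lines look like: "1. \Device\NPF_{GUID} (Friendly name)".
# The loopback device has no GUID and is skipped.
$map = & $dumpcap -D | ForEach-Object {
    if ($_ -match '^(\d+)\.\s+\S*(\{[0-9A-Fa-f-]+\})') {
        $a = $adapters[$Matches[2].ToUpper()]
        [pscustomobject]@{
            Index       = [int]$Matches[1]
            Name        = $a.Name
            Description = $a.InterfaceDescription
            Status      = $a.Status
        }
    }
}
$map | Format-Table -AutoSize

# Assumption: the VPN adapter's description contains 'SonicWall'.
$vpn = $map | Where-Object Description -match 'SonicWall' | Select-Object -First 1
if ($vpn) {
    # Capture only broadcast/multicast frames for 60 seconds.
    # If the filter does not compile for this adapter's link type,
    # drop -f and filter afterwards in Wireshark.
    & $dumpcap -i $vpn.Index -f 'broadcast or multicast' `
        -a duration:60 -w "$env:TEMP\vpn-bcast.pcapng"
} else {
    # Matches the situation in the post: the VPN adapter exists in
    # Get-NetAdapter but npcap does not expose it as a capture device.
    Write-Warning 'VPN adapter is not in the dumpcap -D list; npcap is not bound to it.'
}
```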

Sounds like you want to see the traffic before it goes into the VPN adapter. I don’t have experience doing this on Windows, but on Linux network appliances that do VPN, you can sniff the host interface traffic before it gets encrypted. If you tried running dumpcap on all the interfaces and you don’t see the unencrypted traffic then perhaps it’s not possible.

OK, you sniff your VPN packets, how do you decrypt them? Do you know the encryption algorithm/keys that the VPN software uses?

Use WireGuard protocols. Recommend widevpn.com, supports WireGuard VPN, unblock any content. $9.99/yearly

Ideally, I want to see any broadcast traffic that might be coming over the VPN adapter, so I’ll give that a try.

I believe in theory there should be none, but I want to make sure. I’m trying to troubleshoot a problem, and I think it might be the way they have their network set up to use broadcasts (they told me this). So if I am correct that broadcasts don’t go over the VPN, that would explain my connection issue.

Actually, I’m trying to sniff before they go into the VPN and after they come back out (where they should not be encrypted). I want to see what info my computer is sending and receiving, especially broadcasts.

I know the npcap driver gets the packets before they go to the NIC (that’s why you can capture packets larger than 1500 bytes), so my hope was it would grab the packets before they get encrypted.

Great, but I have no control (yet) over the other end.