Join GitHub today
Issues identifying and capturing on VPN interface #1549
I have a VPN interface that I am attempting to capture and send traffic on. Under WinPcap, the interface did not appear in Wireshark. Under Npcap, Wireshark shows 3 additional interfaces, none of which are named like my VPN interface, and do not show IP addresses associated with them. However, one of the interface shows activity when there is VPN activity, and capturing on that interface (no filter) captures outgoing packets...but blocks incoming packets. They are not captured and not received by the OS. Stopping the capture allows for the connection to resume normally. Capturing on either of the other two interfaces results in a successful capture.
My own custom code bails out early because it can't find an IP address for the three interfaces. I'm attempting to get things working in Wireshark and Nmap first, as it seems to be an Npcap issue.
(some minor details changed/redacted in output)
The interface appearing as
These "Local Area Connection" adapters do not appear to exist in Windows' list of network interfaces. "Local Area Connection 6" is the adapter that shows VPN activity, and can capture outgoing packets (but blocks incoming, as mentioned above). Capturing on "Local Area Connection 7" or "8" results in a successful capture without blocking anything, though they do not show any activity/stats in Wireshark's list of interfaces.
It seems like this might actually work if nmap was able to associate