on Mac OSX, I can't capture packets sent over a VPN

1

TIA - I'm trying to troubleshoot some problems I'm having accessing a particular host over a VPN. I'm running Mac OS/X 10.6.7, and the VPN is a Cisco IPSec VPN. I've verified that the host is routing correctly over the VPN interface (which Mac OS/X calls "utun0"):

dhcp-10-0-0-1:~ joshuadavies$ route get -host host.domain.com route to: host.domain.com destination: host.domain.com gateway: 1.2.3.4 interface: utun0 flags: <up,gateway,host,done,wascloned,proto3,ifscope> recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1280 3179

(obviously I've changed the hostname & gateway above).

However, when I fire up Wireshark and listen on interface utun0, even when I connect to a host in the remote network, I don't see anything in the capture list. Is there something special I need to do so that packets sent over a VPN link show up in Wireshark 1.4.6 under Mac OS/X?

asked 29 Jun '11, 08:30

Joshua%20Davies's gravatar image

Joshua Davies
16112
accept rate: 0%

1

A quick look at xnu/bsd/net/if_utun.c in 10.6.7 indicates that it does include BPF tap code, so it should, in theory, be possible to capture on it with libpcap, so, in theory, both tcpdump and Wireshark should work.

However this mail message indicates that, even if it does support BPF, it might not be getting the traffic you want to see. Is there also, for example, a ppp0 interface that's up? If so, what happens if you try capturing on it?

(29 Jun '11, 12:07) Guy Harris ♦♦

The best thing to do is to report this to http://bugreport.apple.com. The more reports, the more likely it will see attention. I filed 9699332.

(29 Jun '11, 14:19) chrisvire
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×71
×55
×16
×1

Asked: 29 Jun '11, 08:30

Seen: 1,492 times

Last updated: 29 Jun '11, 14:25

Related questions

Wireshark on MAC OSX VPN

Mac os x 10.6 Wireshark won't start..

OSX Lion release?

MAC OSX Installation

Wireshark quits right after I open it since upgrading to Mac OS X 10.7 see log file

Cannot open wireshark on mac os X snow leopard

Wireshark won't start on Mac OSX

Mac OSX Install Problems

Capturing on Wi-Fi NIC with monitor mode off

Wireshark won't start up

about | faq | privacy | support | contact

powered by OSQA