Help with deciphering Wireshark capture

asked 2023-09-19 13:05:04 +0000

IzzyShark

updated 2023-09-19 14:04:07 +0000

Hi, apologies if this is not the right place. I'm new to Wireshark (something I hope to remedy), but I could use some help trying to decipher a packet capture session. We are having issues with our VPN for Linux and Mac machines: when the VPN is active there is no internet traffic. We have a split tunnel in place. I have investigated the issue and we thought it was a DNS issue, but we also cannot ping 8.8.8.8 or 8.8.4.4. I've tried a traceroute but it doesn't even leave my home wifi. The links for the captures are here: https://www.dropbox.com/scl/fi/fnygrq... and https://www.dropbox.com/scl/fi/c8qs0w...

Hopefully you can access those. If anyone can assist with those it would be appreciated, and also if anyone knows any good learning tutorials or YouTube videos I would also be grateful.

Thanks D


Comments

Place the capture files on a public fileshare (Dropbox, Google, Microsoft, ...) then update your question with a link to them.

Chuckc (2023-09-19 13:16:25 +0000)

I think the issue could be related to firewall and routing problems. Have you configured the correct ports (e.g., 1194 for VPN) through your modem or internet router? We might be looking for the problem in the wrong place. I'll review the packets later in the day, but if someone looks at it before me, they can make a more accurate diagnosis based on the traffic.

biyik (2023-09-20 01:37:13 +0000)

Our VPN is for a 3rd party cloud environment. They are the ones that control the ports and routing tables. Thank you for looking at the captures. D

IzzyShark (2023-09-20 12:31:56 +0000)