I was wondering if anyone has had experience with running captures of pre-tunneled traffic on a win2k machine running the cisco vpn client 4.01 release.
Part of the changes with the 4.x release vpn client is that now there is a virtual adapter that comes online when the client is connected in a vpn tunnel. My problem is that you can capture traffic from this virtual interface, however you only see rx traffic, no trx traffic. When you capture from the ethernet interface, you see both trx and rx traffic, however it is ipsec tunneled/encapsulated; in this case the capture works perfectly as designed. So it appears that from the virtual adapter you are seeing the traffic before it becomes encrypted, however the transmit traffic is missing for whatever reason. I don't think this is necessarily an ethereal problem. I am just wondering if anyone has spent any time trying to figure out why no trx traffic is seen from ethereal or tethereal when capturing on the vpn client virtual interface, and if you have figured it out or found a fix, any assistance would be greatly appreciated. thanks, --JS
