ostu - troubleshooting vpn with wireshark (by tony fortunato)
DESCRIPTION
Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.TRANSCRIPT
© 2008 www.thetechfirm.com
Wireshark QuickStart
Tony Fortunato, Sr Network SpecialistThe Technology Firm
Troubleshooting With A VPN Client
© 2008 www.thetechfirm.com
What are you talking about?
In some cases you need to troubleshoot through a VPN connection Some analyzers just show you encrypted ‘mumbo jumbo’ (yes it’s a real word,
look it up) You need to see the real data being transferred To complicate things, you may need to do this using a wireless connection,
which some commercial analyzers don’t natively support And of course some VPN vendors create ‘virtual adapters’ to confuse you further
In this example, I’ll use Cisco’s VPN and Microsoft’s client, since I run into them often
© 2008 www.thetechfirm.com
What People Typically Do
The logical approach would be to capture packets from your network interface. Unfortunately many VPN clients use their own interface In the screenshot below, I pinged the default gateway with the Cisco VPN client
connected, but don’t see any evidence of it
© 2008 www.thetechfirm.com
TIP: Launch Wireshark Quickly and Easily
The easiest way to determine which adapter to use is to select Capture->Interfaces after you VPN in and continuously ping something
© 2008 www.thetechfirm.com
Results
Now when you capture from the correct interface you can see all you data in clear text (if the application is in clear text)
In this example my pings are clearly visible
© 2008 www.thetechfirm.com
Microsoft interface
For the Microsoft client, I used the same methodology to determine the correct interface.
© 2008 www.thetechfirm.com
Microsoft Client Bonus
If you select the Microsoft Client and connect, you can analyze the login process.
© 2008 www.thetechfirm.com
Wrong Microsoft Login Credentials
© 2008 www.thetechfirm.com
Wireshark Training - QuickStart
Tony Fortunato, Sr Network SpecialistThe Technology Firm
Thank you
© 2008 www.thetechfirm.com
For additional educational videos on Open Source Network Tools, please click on the following …
http://www.lovemytool.com/blog/ostu.html
LoveMyTool.com – Community for Network Tools