microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
MIT License
607 stars, 114 forks

Support for packets captured by Microsoft-Windows-Ras-NdisWanPacketCapture #46

Closed. nspitzer closed this 1 year ago.

nspitzer commented 2 years ago

Situation: Capturing packets traversing an F5 VPN tunnel using a DTLS-over-PPP connection. Captured using the Microsoft-Windows-Ras-NdisWanPacketCapture provider.

Command line used to generate traces: netsh trace start tracefile=c:\working\netsh_tracev1.etl capture=yes report=disabled overwrite=yes provider=Microsoft-Windows-Ras-NdisWanPacketCapture

Output from ETL2PCAPNG:

PS C:\working> etl2pcapng netsh_tracev1.etl netsh_F5_trace_etl2pcapng.pcap
IF: medium=eth ID=0 IfIndex=17
IF: medium=eth ID=1 IfIndex=74
Converted 5113 frames

Only DTLS encrypted packets going over the PPP tunnel are in the PCAP file (PCAP file is 4068 KB).

Output from Windows Message Analyzer (Save As -> Export -> All Messages -> Save):

~10,078 frames + some non-network entries
Both DTLS encrypted packets as well as cleartext packets are in the PCAP file.
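A quick way to check a claim like the one above, namely that a converted capture holds only DTLS records and nothing in the clear, is to walk the .pcapng and count frames per interface and per traffic kind, then compare the total with the "Converted N frames" line that etl2pcapng prints. The script below is an added example written for this page; it is not part of etl2pcapng or of the reporter's post. It assumes a little-endian pcapng section with Ethernet link type (what the "medium=eth" lines above indicate), and it flags a UDP payload as DTLS by the record header heuristic (content type 20..23 followed by version bytes 0xFE 0xFF or 0xFE 0xFD); the embedded sample capture is constructed inline so the script runs offline.

```python
"""Count frames in a pcapng by interface and by kind (DTLS / other UDP / other IPv4 / non-IPv4).

Added example, not etl2pcapng code. Assumes a little-endian section (the byte-order magic is
checked) and LINKTYPE_ETHERNET interfaces; other link types are counted as "non-ethernet".
"""
import struct
import sys
from collections import Counter

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006
LINKTYPE_ETHERNET = 1


def iter_blocks(data: bytes):
    """Yield (block_type, body) for each pcapng block; validate both length fields."""
    off = 0
    while off + 12 <= len(data):
        btype, blen = struct.unpack_from("<II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"bad block length {blen} at offset {off}")
        if btype == SHB and struct.unpack_from("<I", data, off + 8)[0] != 0x1A2B3C4D:
            raise ValueError("only little-endian sections are handled by this example")
        if struct.unpack_from("<I", data, off + blen - 4)[0] != blen:
            raise ValueError(f"trailing length mismatch at offset {off}")
        yield btype, data[off + 8:off + blen - 4]
        off += blen


def classify(frame: bytes) -> str:
    """Classify an Ethernet frame; DTLS is recognised by its record header (heuristic)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-ipv4"
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:                      # IPv4 protocol field: 17 = UDP
        return "ipv4-other"
    payload = frame[14 + ihl + 8:]               # skip IPv4 header and 8-byte UDP header
    if (len(payload) >= 13 and 20 <= payload[0] <= 23
            and payload[1] == 0xFE and payload[2] in (0xFF, 0xFD)):
        return "dtls"                            # DTLS 1.0 (FEFF) or 1.2 (FEFD) record
    return "udp-other"


def summarize(data: bytes) -> dict:
    """Return interface link types, total frame count and a Counter of (if_id, kind)."""
    ifaces, counts = [], Counter()
    for btype, body in iter_blocks(data):
        if btype == IDB:
            ifaces.append(struct.unpack_from("<H", body, 0)[0])
        elif btype == EPB:
            if_id, _ts_hi, _ts_lo, caplen, _origlen = struct.unpack_from("<IIIII", body, 0)
            if if_id >= len(ifaces):
                raise ValueError(f"EPB references undefined interface {if_id}")
            frame = body[20:20 + caplen]
            kind = classify(frame) if ifaces[if_id] == LINKTYPE_ETHERNET else "non-ethernet"
            counts[(if_id, kind)] += 1
    return {"interfaces": ifaces, "frames": sum(counts.values()), "by_kind": counts}


# ---- constructed sample capture (not from the reporter's trace) ------------------------
def block(btype: int, body: bytes) -> bytes:
    pad = (-len(body)) % 4
    total = 12 + len(body) + pad
    return struct.pack("<II", btype, total) + body + b"\0" * pad + struct.pack("<I", total)


def epb(if_id: int, frame: bytes) -> bytes:
    return block(EPB, struct.pack("<IIIII", if_id, 0, 0, len(frame), len(frame)) + frame)


def ipv4_frame(proto: int, l4: bytes) -> bytes:
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4


def udp_segment(payload: bytes) -> bytes:
    return struct.pack("!HHHH", 4433, 4433, 8 + len(payload), 0) + payload


# DTLS 1.2 application-data record: type 23, version FEFD, epoch 1, seq 0, 4-byte body.
DTLS_RECORD = b"\x17\xfe\xfd\x00\x01" + b"\x00" * 6 + struct.pack("!H", 4) + b"\xde\xad\xbe\xef"
TCP_STUB = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)

SAMPLE_PCAPNG = (
    block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    + block(IDB, struct.pack("<HHI", LINKTYPE_ETHERNET, 0, 65535))   # ID=0
    + block(IDB, struct.pack("<HHI", LINKTYPE_ETHERNET, 0, 65535))   # ID=1
    + epb(0, ipv4_frame(17, udp_segment(DTLS_RECORD)))
    + epb(0, ipv4_frame(17, udp_segment(b"plaintext")))
    + epb(1, ipv4_frame(6, TCP_STUB))
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAPNG
    result = summarize(data)
    print("interfaces (link types):", result["interfaces"])
    print("frames:", result["frames"])
    for (if_id, kind), n in sorted(result["by_kind"].items()):
        print(f"  IF {if_id} {kind}: {n}")
```

Run it as `python count_pcapng.py netsh_F5_trace_etl2pcapng.pcap`; the total should equal the "Converted N frames" figure, and a non-zero "udp-other" or "ipv4-other" count on the tunnel interface is the cleartext traffic the reporter expected to see. Cleartext carried inside the PPP tunnel would only show up once the converter emits the NdisWan events, so a zero count there is consistent with the symptom described above rather than a sign the script missed something.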

maolson-msft commented 1 year ago

@nspitzer FYI, support has finally been added for the VPN events in v1.9.0. Thanks for your patience.