[Winpcap-users] I can not capture my fortiClient interface

Ulas Yuce ulasyuce at gmail.com
Wed Apr 3 08:28:18 PDT 2013 

Hi Gisle,

The outputs are as below:

C:\Program Files\Wireshark>dumpcap -D
1. \Device\NPF_{4D98F9E6-1671-48AE-BEC7-0B69819C55ED} (Microsoft)
2. \Device\NPF_{B7AA410C-0172-4960-A503-A468B0520621} (Intel(R) 82567LM
Gigabit
Network Connection)
3. \Device\NPF_{BB31B551-FA05-46E9-85BD-EECC3E6A8D2B} (Fortinet Virtual NIC)
4. \Device\NPF_{50C6054D-F4F8-45D0-BA23-22C861A69DED} (NCP Secure Client
Virtual
 NDIS6 Adapter)
5. \Device\NPF_{F6945C05-3F7B-49F3-B298-4A08250BDE86} (Juniper Network
Connect V
irtual Adapter)
6. \Device\NPF_{130984C3-C857-4E00-A133-DB36838B7CB8} (Microsoft)


When FortiClient is connected ipconfig result is as below:


PPP adapter fortissl:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : fortissl
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.242.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.160.0.13
                                       138.203.68.208
   NetBIOS over Tcpip. . . . . . . . : Enabled




I realized that I have another connection which is always seem like below:


C:\Program Files\Wireshark>ipconfig /all

Windows IP Configuration

....

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Fortinet virtual adapter
   Physical Address. . . . . . . . . : 00-09-0F-FE-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

   .....



What should I check here? Do you have any comments?


On Wed, Apr 3, 2013 at 3:34 PM, Gisle Vanem <gvanem at broadpark.no> wrote:

> "Ulas Yuce" <ulasyuce at gmail.com> wrote:
>
>  I have a Windows 7 PC running wireshark. I connect to another network
>> using
>> Fortinet FortiClient. FortiClient create a PPP interface and connect me to
>> other networks? I need to capture the traffic going through this
>> interface.
>>
>> I can see the Forticlient interface on the interfaces list but the IP is
>> 0.0.0.0 and I do not see any packets flowing on this interface.
>>
>> Do anybody knows how can I fix this problem and capture FortiClient
>> interface?
>>
>
> What does "dumpcap -D" prints?
> Or for that matters, what does "windump -D" prints?
> (if you have that).
>
> Compare that with what adapters "ipconfig /all" prints.
> Check the description of each adapter. It could be that wpcap.dll is not
> built for your situation. I.e. I'm not sure it needs to be built with
> '-DHAVE_WANPACKET_API' to sniff
> the interface in question.
>
> --gv
> ______________________________**_________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/**mailman/listinfo/winpcap-users<https://www.winpcap.org/mailman/listinfo/winpcap-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130403/0012519b/attachment.html>

More information about the Winpcap-users mailing list