Jump to content

Shouldn't I see traffic on tap0 in Wireshark.


beakmyn
 Share

Recommended Posts

Ok first shoot me for having to do this from Vista, but this laptop has Sis chipsets so Ubuntu doesn't play well with it. Vista however runs quite well. But anyway.

The set up is as follows:

Fon WAN goes to switch

Fon LAN goes to laptop2

Fon Wifi goes to laptop1

Laptop1 is running Openvpn server.conf

Laptop2 is happily surfing the internet

I use laptop1 to ssh into the fon and start the interceptor.

root@OpenWrt:/interceptor/openvpn/client# /interceptor/bin/startup.sh
Fri May 29 07:56:31 2009 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on Feb  2 2009
Fri May 29 07:56:31 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri May 29 07:56:31 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May 29 07:56:31 2009 WARNING: file '/interceptor/openvpn/client/client1.key' is group or others accessible
Fri May 29 07:56:31 2009 WARNING: file '/interceptor/openvpn/client/ta.key' is group or others accessible
Fri May 29 07:56:31 2009 Control Channel Authentication: using '/interceptor/openvpn/client/ta.key' as a OpenVPN static key file
Fri May 29 07:56:31 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:31 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:31 2009 LZO compression initialized
Fri May 29 07:56:31 2009 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri May 29 07:56:31 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri May 29 07:56:31 2009 Local Options hash (VER=V4): '13a273ba'
Fri May 29 07:56:31 2009 Expected Remote Options hash (VER=V4): '360696c5'
Fri May 29 07:56:31 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri May 29 07:56:31 2009 UDPv4 link local: [undef]
Fri May 29 07:56:31 2009 UDPv4 link remote: 10.255.255.253:1194
Fri May 29 07:56:31 2009 TLS: Initial packet from 10.255.255.253:1194, sid=61f74ddc 4279f886
Fri May 29 07:56:31 2009 VERIFY OK: depth=1, /C=US/ST=XX/L=MonkeyIsland/O=interceptor/CN=server/emailAddress=monkey@interceptor.nul
Fri May 29 07:56:31 2009 VERIFY OK: depth=0, /C=US/ST=XX/O=interceptor/CN=server/emailAddress=monkey@interceptor.nul
Fri May 29 07:56:32 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 29 07:56:32 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:32 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 29 07:56:32 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:32 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 29 07:56:32 2009 [server] Peer Connection Initiated with 10.255.255.253:1194
Fri May 29 07:56:33 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 29 07:56:33 2009 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Fri May 29 07:56:33 2009 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 29 07:56:33 2009 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 29 07:56:33 2009 OPTIONS IMPORT: route options modified
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
(C) Copyright 2006-2007 Sourcefire Inc., All rights reserved

root@OpenWrt:/interceptor/openvpn/client#

On Laptop1 -openvpn log

Fri May 29 07:56:34 2009 10.255.255.254:60775 [client1] Peer Connection Initiated with 10.255.255.254:60775
Fri May 29 07:56:36 2009 client1/10.255.255.254:60775 PUSH: Received control message: 'PUSH_REQUEST'

Now, I was under the impression that I could fire up Wireshark on Laptop1 and set the interface to tap0 and I'd see the traffic being sniffed and I should see laptop2's traffic.

The goggles, they do nothing.

Oh where have I gone astray?

Link to comment
Share on other sites

You ran the wrong startup script. You need to run the one on laptop 1. That will start the openvpn server on the laptop then do an ssh to the Fon and run the startup script you just ran by hand.

Try this and you should get the interface created.

Link to comment
Share on other sites

You ran the wrong startup script. You need to run the one on laptop 1. That will start the openvpn server on the laptop then do an ssh to the Fon and run the startup script you just ran by hand.

Try this and you should get the interface created.

No I didn't, it doesn't appear to be an issue with the interface being created. Because I'm running from Windows there is no bash command line. So, I'm running Openvpn with the gui and server.conf. Then I use PuTTY to ssh into the fon via the wifi and I then set the date/time and manually run the startup.sh on the interceptor. Which it appears is running and connecting to my the server on laptop1. However, I don't see any traffic on the TAP connection, which I find odd. The output from the fon in my last post shows the client connecting.

At this point I think it may be a Windows issue and I may not be able to see other traffic on the Tap connection. I've disabled the windows firewall also just to take it out of the equation.

...doing research, problem may be wireshark....

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...