Updated: December 11, 2018
QuickVPN TCP Dump Analysis
This article explains how to capture packets with Wireshark to monitor client traffic when a QuickVPN connection exists. QuickVPN is an easy way to set up VPN software on a remote computer or laptop with a simple user name and password. This will help to securely access networks based on the device used. Wireshark is a packet sniffer used to capture the packets in the network for troubleshooting.
• RVXX series
Analyse the QuickVPN TCP Dumps
Prerequisites: Wireshark and the QuickVPN client installed on the PC.
Step 1. Navigate to Start > Run. Enter cmd and the command prompt window opens.
Step 2. Enter Ping 184.108.40.206.
Note: Destination IP in the above scenario is 220.127.116.11.
Step 3. Open the Wireshark application, choose the interface through which the packets are transmitted to the internet, and capture traffic.
Step 4. Start the QuickVPN application and enter the profile name in the Profile Name field.
Step 5. Enter the username in the User Name field.
Step 6. Enter the password in the Password field.
Step 7. Enter the server address in the Server Address field.
Step 8. Choose the port for QuickVPN from the Port for QuickVPN drop-down list.
Step 9. (Optional) Check the Use Remote DNS Server check box to use the remote DNS server rather than the local one.
Step 10. Click Connect.
Step 11. Open the captured traffic file.
For a QuickVPN connection to happen, there are three major things which need to be checked:
• Activating policy (Check Certificate).
• Verify the Network.
To check the connection, first look for the Transport Layer Security (TLSv1) packets in the captured traffic. TLS and its predecessor, Secure Sockets Layer (SSL), are the cryptographic protocols which provide security for communication over the network.
Activating Policy can be checked with the Internet Security Association and Key Management Protocol (ISAKMP) packets in the Wireshark captured traffic. ISAKMP defines the mechanisms for authentication, for creation and management of Security Associations (SA), and for key generation techniques and threat mitigation. It uses IKE for key exchange.
ISAKMP defines the packet formats used to establish, negotiate, modify and delete the SA. It carries the information required for various network security services, such as IP layer services (for example, header authentication and payload encapsulation), transport or application layer services, or self-protection of negotiation traffic. ISAKMP defines payloads for exchanging key generation and authentication data. These formats provide a consistent framework for transferring key and authentication data which is independent of the key generation technique, encryption algorithm and authentication mechanism.
Encapsulating Security Payload (ESP) is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service and limited traffic flow confidentiality. In QuickVPN, ESP is a member of the IPsec protocol suite. It is used to provide the authenticity, integrity and confidentiality of packets. It supports encryption and authentication separately.
Note: Encryption without authentication is not recommended.
ESP does not protect the IP header. In tunnel mode, however, the entire IP packet is encapsulated, a new packet header is added, and protection is afforded to the whole inner IP packet, including the inner header. ESP operates directly on top of IP and uses protocol number 50.
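The checks described above can also be run outside the Wireshark GUI. The following Python script is an added example, not part of the original article or of any Cisco tool: it counts TLS records, ISAKMP packets and ESP packets (IP protocol 50) in a capture file. UDP ports 500 and 4500 for ISAKMP and NAT traversal are taken from the IPsec standards rather than from this article, and `sample_pcap` builds a constructed capture so the script runs offline.

```python
import struct
from collections import Counter

def classify(frame: bytes) -> str:
    """Label one Ethernet/IPv4 frame as tls, isakmp, esp or other."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"
    ip = frame[14:]
    proto, l4 = ip[9], ip[(ip[0] & 0x0F) * 4:]
    if proto == 50:                               # ESP carried directly over IP
        return "esp"
    if proto == 17 and len(l4) >= 8:              # UDP
        ports = struct.unpack("!HH", l4[:4])
        if 500 in ports:                          # IKE/ISAKMP negotiation
            return "isakmp"
        if 4500 in ports and len(l4) >= 12:       # NAT-T: zero marker = IKE, else ESP
            return "isakmp" if l4[8:12] == b"\0\0\0\0" else "esp"
    if proto == 6 and len(l4) >= 20:              # TCP
        data = l4[(l4[12] >> 4) * 4:]
        # TLS record header: content type 20-23, then major version 3.
        if len(data) >= 5 and 20 <= data[0] <= 23 and data[1] == 3:
            return "tls"
    return "other"

def read_pcap(blob: bytes):
    """Yield frames from a classic libpcap file with Ethernet link type."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if end is None or struct.unpack(end + "I", blob[20:24])[0] != 1:
        raise ValueError("expected classic pcap, Ethernet link type")
    off = 24
    while off + 16 <= len(blob):
        caplen = struct.unpack(end + "I", blob[off + 8:off + 12])[0]
        yield blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(blob: bytes) -> Counter:
    return Counter(classify(f) for f in read_pcap(blob))

def sample_pcap() -> bytes:
    """Constructed capture: one TLS, one ISAKMP, two ESP frames, one DNS query."""
    def ip(proto, l4):  # minimal IPv4 header, documentation addresses
        hdr = bytes([0x45, 0, 0, 20 + len(l4), 0, 0, 0, 0, 64, proto, 0, 0, 192, 0, 2, 10, 198, 51, 100, 1])
        return b"\0" * 12 + b"\x08\x00" + hdr + l4
    udp = lambda s, d, p: struct.pack("!HHHH", s, d, 8 + len(p), 0) + p
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 1, 1, 0x50, 0x18, 1024, 0, 0)
    esp = b"\0\0\1\0" + b"\xaa" * 20              # constructed SPI 0x100 + opaque bytes
    frames = [ip(6, tcp + b"\x16\x03\x01\x00\x02hi"), ip(17, udp(500, 500, b"\1" * 28)),
              ip(50, esp), ip(17, udp(4500, 4500, esp)), ip(17, udp(50001, 53, b"\0" * 12))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

To run it on a real trace, save the Wireshark capture in the classic pcap format (not pcapng) and pass the file's bytes to `summarize`. A capture that shows TLS but no ISAKMP or ESP indicates the connection did not get past the first check.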