The low-level networking tool tcpdump, or its GUI equivalent Wireshark, is a last resort tool for troubleshooting network issues and network performance. In this section, we will walk through the process of capturing and analyzing the encrypted network traffic produced by OpenVPN.
First, we set up our standard OpenVPN network using the basic-udp configuration files. On the client, there is also a web server running. We will use the wget command on the server side to retrieve a file from the web server so that we can look at the resulting network traffic.
We run tcpdump on the Ethernet interface and capture the network traffic while doing a wget outside the tunnel:
The resulting tcpdump output is as follows (modified for the sake of clarity):
As we can see, there are 13 packets to transfer a 5 KB text file. Most of these packets were used to set up and tear down the connection, but there are four large packets...