Martin Neitzel <neit...@hackett.marshlabs.gaertner.de> wrote:
> > Plenty. 1.146.105.131 is my macOS client IP and 64.176.222.118 is the
> > server IP:
> >
> > # tcpdump -n port 9443
> > 23:06:02.270381 IP 64.176.222.118.9443 > 1.146.105.131.3117: UDP, length
> > 1312
> > 23:06:02.270603 IP 64.176.222.118.9443 > 1.146.105.131.3117: UDP, length 208
>
> tcpdump(1) just shows the first active, non-loopback interface by
> default. In your your case above, the public ethernet interface.
>
> Use tcpdump -tn -i wg0
> or tcpdump -tn -i wg0 icmp
>
> to dump the (filtered) payload of the tunnel. (I like -t to get
> rid of the timestamps.)
Here the updated tcpdump:
starbeastie:~ $ doas tcpdump -tn -i wg0 icmp
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on wg0, link-type NULL (BSD loopback), capture size 262144
bytes
^C
0 packets captured
81 packets received by filter
0 packets dropped by kernel
Tumbleweeds.
