![snort logo](/images/snort-logo.png)
Snort mailing list archives
Detecting IPSEC traffic?
From: "Zarathustra Ubermensch" <zubermensch () hotmail com>
Date: Tue, 20 Nov 2001 07:05:35 -0500
Is there any way to detect IPSEC ESP traffic (protocol 50) with snort? I know I can pick up some of this communication by looking for IKE traffic on udp/500, but not all IPSEC traffic uses IKE.
I basically just want to check for any IPSEC activity and don't really care about packet decodes. I'm interested in seeing who is attempting communication to certain resources on my LAN
Thanks a lot for any help you can give! _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Detecting IPSEC traffic? Zarathustra Ubermensch (Nov 20)
- Re: Detecting IPSEC traffic? Ralf Hildebrandt (Nov 20)
- Re: Detecting IPSEC traffic? Brian (Nov 20)