Snort mailing list archives

Detecting IPSEC traffic?

From: "Zarathustra Ubermensch" <zubermensch () hotmail com>
Date: Tue, 20 Nov 2001 07:05:35 -0500

Is there any way to detect IPSEC ESP traffic (protocol 50) with snort? Iknow I can pick up some of this communication by looking for IKE traffic onudp/500, but not all IPSEC traffic uses IKE.

I basically just want to check for any IPSEC activity and don't really careabout packet decodes. I'm interested in seeing who is attemptingcommunication to certain resources on my LAN


Thanks a lot for any help you can give!

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Detecting IPSEC traffic? Zarathustra Ubermensch (Nov 20)
- Re: Detecting IPSEC traffic? Ralf Hildebrandt (Nov 20)
- Re: Detecting IPSEC traffic? Brian (Nov 20)