tcpdump mailing list archives
Re: tcpdump IPSec
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Sun, 16 Feb 2003 09:19:23 -0500
"Venkatesh" == Venkatesh S Obanaik <venka () comp nus edu sg> writes:

    Venkatesh> I am trying to use the tcpdump -E [algo:secret] option to
    Venkatesh> decrypt and print the packets on the host. The scenario is as
    Venkatesh> detailed below

    Venkatesh> host hwan (sender) ----- host dione (receiver) IPSec ESP
    Venkatesh> transport mode security association setup between the hosts.

    Venkatesh> When I run the tcpdump command on the receiver (FreeBSD)

    Venkatesh> tcpdump -i xl0 -E des-cbc:PASSWORD

    Venkatesh> (algorithm used is des-cbc and secret key is PASSWORD)

    Venkatesh> However, only the TCP Acknowledgements packets ( dione to
    Venkatesh> hwan) are getting decrypted and printed as can be seen below.

Likely, you aren't capturing enough of the packet to actually decrypt it.
Set your "snaplen" (-s ) to at least the size of the network, likely
ethernet, so 1514 should work.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
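A check for the condition the reply points to, as an added example that is not part of the original message: it reads a classic Ethernet pcap file and lists IPv4 ESP frames whose captured length is shorter than their on-wire length. The function names, the snaplen of 68 and the frame sizes in the sample are constructed for illustration.

```python
import struct

IPPROTO_ESP = 50  # IP protocol number for ESP

def truncated_esp(pcap_bytes):
    """Return (snaplen, [(index, captured, on_wire), ...]) for IPv4 ESP frames
    in a classic Ethernet pcap that were cut short by the capture snaplen."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(end + "II", pcap_bytes[16:24])
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) is handled here")
    short, off, idx = [], 24, 0
    while off + 16 <= len(pcap_bytes):
        _, _, caplen, wirelen = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        idx += 1
        # Need Ethernet (14 bytes) plus 10 bytes of IPv4 header to read the protocol
        if len(frame) < 24 or frame[12:14] != b"\x08\x00":
            continue
        if frame[14 + 9] == IPPROTO_ESP and caplen < wirelen:
            short.append((idx, caplen, wirelen))
    return snaplen, short

def sample_capture(snaplen, wire_sizes):
    """Constructed test data: ESP frames of the given on-wire sizes, cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for size in wire_sizes:
        ip = (bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(5)
              + bytes([IPPROTO_ESP]) + bytes(10))
        frame = (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\xee")
        cap = frame[:snaplen]
        out += struct.pack("<IIII", 0, 0, len(cap), size) + cap
    return out

if __name__ == "__main__":
    for snap in (68, 1514):
        snaplen, short = truncated_esp(sample_capture(snap, [74, 66, 1514]))
        print(f"snaplen {snaplen}: {len(short)} truncated ESP frame(s)")
        for idx, cap, wire in short:
            print(f"  frame {idx}: captured {cap} of {wire} bytes")
```

Run against a real capture by passing the file's bytes to `truncated_esp`; an empty list means every ESP frame was captured whole.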