tcpdump mailing list archives
Re: tcpdump with Linux 2.6 and ipsec/ESP
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Tue, 05 Oct 2004 09:34:29 -0400
"Michael" == Michael Mueller <m.mueller99 () kay-mueller de> writes:
Michael> Is this a Linux or tcpdump / libpcap problem? Does anybody
Michael> have some further details about it? Is there a more
Michael> appropriate Linux list to send this question to?

On Linux 26sec code, there is no interface equivalent to "ipsec0" on which you can see packets. The -E option really doesn't help much in real use, because the keys are not easily divulged.

BSDs running KAME stacks have had the same problem, some of the BSDs have created a special tap point which tcpdump can attach to which is prior to encryption, and after decryption.

You will discover that there are other issues with 26sec -- you have now effectively 3 firewalls (iptables, advanced routing/QoS, and SPD), and the SPD one is unaware of the other two.

--
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.