Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to find a strength of the ipsec encryption or sniff the ipsec traffic

From: Shawn Merdinger <shawnmer () gmail com>
Date: Mon, 27 Sep 2010 14:23:59 -0400
"man tcpdump"

    -E     Use spi@ipaddr algo:secret for decrypting IPsec ESP packets that are
              addressed to addr and contain Security Parameter  Index
value  spi.
              This combination may be repeated with comma or newline separation.

              Note  that  setting  the secret for IPv4 ESP packets is
supported at
              this time.

              Algorithms  may  be  des-cbc,   3des-cbc,
blowfish-cbc,   rc3-cbc,
              cast128-cbc,  or  none.   The  default  is  des-cbc.
The ability to
              decrypt packets is only present if tcpdump was compiled
with  crypâ
              tography enabled.

              secret  is  the  ASCII  text for ESP secret key.  If
preceded by 0x,
              then a hex value will be read.

              The option assumes RFC2406 ESP, not RFC1827 ESP.  The
option is only
              for  debugging  purposes,  and  the  use  of this option
with a true
              `secret' key is discouraged.  By presenting IPsec
secret  key  onto
              command  line  you  make  it  visible to others, via
ps(1) and other
              occasions.

Cheers,
--scm

On Mon, Sep 27, 2010 at 8:30 AM, Muruganandam <muruganandam.c () gmail com> wrote:

How to find the  strength of the ipsec encryption and sniff the ipsec
traffic.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: