tcpdump mailing list archives

Re: tcpdump IPSec


From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Sun, 16 Feb 2003 09:19:23 -0500


"Venkatesh" == Venkatesh S Obanaik <venka () comp nus edu sg> writes:
    Venkatesh> I am trying to use the tcpdump -E [algo:secret] option to
    Venkatesh> decrypt and print the packets on the host.  The scenario is as
    Venkatesh> detailed below

    Venkatesh> host hwan (sender) ----- host dione (receiver) IPSec ESP
    Venkatesh> transport mode security association setup between the hosts.

    Venkatesh> When I run the tcpdump command on the receiver (FreeBSD)

    Venkatesh> tcpdump -i xl0 -E des-cbc:PASSWORD

    Venkatesh> (algorithm used is des-cbc and secret key is PASSWORD)

    Venkatesh> However, only the TCP Acknowledgements packets ( dione to
    Venkatesh> hwan) are getting decrypted and printed as can be seen below.

  Likely, you aren't capturing enough of the packet to actually decrypt it.
Set your "snaplen" (-s) to at least the size of the network, likely
ethernet, so 1514 should work.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe