tcpdump mailing list archives
question about -E parameter decrypting esp packets
From: Torsten Krah <tkrah () fachschaft imn htwk-leipzig de>
Date: Thu, 19 Feb 2009 20:17:56 +0100
Hi,

I am facing some problems with my IPsec tunnel and want to encrypt the real ESP traffic going over the wire.
I did succeed only to 50% because a ping looks like this:

IP A > B: ESP(spi=0xf33ec601,seq=0x1dd), length 164
IP B > A: ESP(spi=0x089882f5,seq=0x1e3), length 164

Trying to use -E (using keys from setkey -D) I can "decrypt" the packet from "B->A", the ping reply.
But I am not able to decrypt the ping request.

Command used:

Doing a ping to 192.168.96.24, I issue this command:

tcpdump -i eth3 -E "0xf33ec601@192.168.96.24 0x11cc1dbe3de5cb263ce1bc05cd1811abbce880f34a23a7cc" icmp

0xf33ec601 is the SPI parameter for tunnel A -> B, echo request packets; the 0x.... after that is the dynamically calculated ESP key taken from setkey output.

I would expect to see my request, but instead the reply packets are printed out - confusing.

Can anyone help me with that? I guess I am doing something wrong here?

thx

Torsten

--
Please do not send me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.de.html

"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect."
-- Linus Torvalds
Current thread:
- question about -E parameter decrypting esp packets Torsten Krah (Feb 19)
- Re: question about -E parameter decrypting esp packets Michael Richardson (Feb 19)
- Re: question about -E parameter decrypting esp packets Torsten Krah (Feb 20)
- Re: question about -E parameter decrypting esp packets Arien Vijn (Feb 20)
- Re: question about -E parameter decrypting esp packets Torsten Krah (Feb 20)
- Re: question about -E parameter decrypting esp packets Michael Richardson (Feb 20)
- Re: question about -E parameter decrypting esp packets Torsten Krah (Feb 20)
- Re: question about -E parameter decrypting esp packets Michael Richardson (Feb 19)