tcpdump mailing list archives

question about -E parameter decrypting esp packets


From: Torsten Krah <tkrah () fachschaft imn htwk-leipzig de>
Date: Thu, 19 Feb 2009 20:17:56 +0100

Hi,

I am facing some problems with my IPsec tunnel and want to encrypt the real
ESP traffic going over the wire.

I only succeeded 50% of the way, because a ping looks like this:

IP A > B: ESP(spi=0xf33ec601,seq=0x1dd), length 164
IP B > A: ESP(spi=0x089882f5,seq=0x1e3), length 164

Trying to use -E (using keys from setkey -D), I can "decrypt" the packet from
"B->A", the ping reply.

But I am not able to decrypt the ping request.

Command used:

Doing a ping to 192.168.96.24, I issue this command:

tcpdump -i eth3 -E "0xf33ec601@192.168.96.24 0x11cc1dbe3de5cb263ce1bc05cd1811abbce880f34a23a7cc" icmp

0xf33ec601 is the SPI for tunnel A -> B (echo request packets); the 0x....
after that is the dynamically calculated ESP key taken from the setkey output.

I would expect to see my request, but instead the reply packets are printed
out, which is confusing.

Can anyone help me with that? I guess I am doing something wrong here?

thx

Torsten

-- 
Please do not send me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.de.html

"Really, I'm not out to destroy Microsoft. That will just be a
completely unintentional side effect."
        -- Linus Torvalds
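As an added example (not from the original post and not tcpdump's own code), the shell script below assembles the argument that tcpdump's -E option expects. tcpdump(8) documents that argument as "spi@ipaddr algo:secret", with several SAs separated by commas, where ipaddr is the destination address of the SA and a secret beginning with 0x is hex; the command quoted in the question omits the "algo:" part. The script also checks key lengths for the ciphers whose length tcpdump documents as fixed, and emits a capture filter that matches ESP (IP protocol 50), since a filter like "icmp" drops the encrypted packets before tcpdump gets a chance to decrypt them. Assumptions: 3des-cbc is inferred from the 24-byte key in the question; the B->A destination address and key are invented placeholders; the function names esp_sa and esp_spec are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post or from tcpdump itself.
# Builds the argument for tcpdump -E from the documented form
#   spi@ipaddr algo:secret[,spi@ipaddr algo:secret...]
# where ipaddr is the destination address of the SA, algo is one of the
# names from tcpdump(8), and a secret starting with 0x is hex.

# key_bytes_for ALGO: print the key length tcpdump(8) documents as fixed for
# ALGO, print nothing for variable-length ciphers, fail for unknown names.
key_bytes_for() {
    case "$1" in
        des-cbc)  echo 8 ;;
        3des-cbc) echo 24 ;;
        blowfish-cbc|rc3-cbc|cast128-cbc) echo "" ;;
        *) return 1 ;;
    esac
}

# esp_sa SPI DST ALGO HEXKEY: print one "spi@dst algo:0xkey" entry, or
# fail with a message if the key is not hex or has the wrong length.
esp_sa() {
    spi=$1; dst=$2; algo=$3; key=$4
    key=${key#0x}; key=${key#0X}
    case "$key" in
        ""|*[!0-9a-fA-F]*)
            echo "esp_sa: key for $spi must be a non-empty hex string" >&2
            return 1 ;;
    esac
    want=$(key_bytes_for "$algo") || {
        echo "esp_sa: unknown algorithm '$algo'" >&2; return 1; }
    if [ $(( ${#key} % 2 )) -ne 0 ]; then
        echo "esp_sa: key for $spi has an odd number of hex digits" >&2
        return 1
    fi
    if [ -n "$want" ] && [ $(( ${#key} / 2 )) -ne "$want" ]; then
        echo "esp_sa: $algo needs a $want-byte key, got $(( ${#key} / 2 ))" >&2
        return 1
    fi
    printf '%s@%s %s:0x%s\n' "$spi" "$dst" "$algo" "$key"
}

# esp_spec ENTRY...: join entries with commas, which is how -E takes several SAs.
esp_spec() {
    out=""
    for e in "$@"; do
        out="${out:+$out,}$e"
    done
    printf '%s\n' "$out"
}

# Constructed sample: the A->B SPI, destination and key are the ones quoted in
# the question (3des-cbc is assumed from the 24-byte key); the B->A address
# and key are invented for illustration and are not real SA values.
a_to_b=$(esp_sa 0xf33ec601 192.168.96.24 3des-cbc \
    0x11cc1dbe3de5cb263ce1bc05cd1811abbce880f34a23a7cc) || exit 1
b_to_a=$(esp_sa 0x089882f5 192.168.96.1 3des-cbc \
    0x000102030405060708090a0b0c0d0e0f1011121314151617) || exit 1
spec=$(esp_spec "$a_to_b" "$b_to_a")

# The capture filter must match the encrypted packets (IP protocol 50);
# "icmp" would discard them before tcpdump ever tries to decrypt.
printf 'tcpdump -n -i eth3 -E "%s" esp\n' "$spec"
```

Two practical notes. On Linux it is common for inbound IPsec packets that the kernel has already decrypted to be seen a second time on the same interface as cleartext, while outbound packets appear only as ESP; that is one way an "icmp" filter can show replies and never requests without -E doing any work, so check whether the replies you see are the decrypted copies rather than tcpdump's output. And keys given on the command line end up in shell history and process listings, so clear them afterwards or restrict who can read those.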
