tcpdump mailing list archives
Re: question about -E parameter decrypting esp packets
From: Torsten Krah <tkrah () fachschaft imn htwk-leipzig de>
Date: Fri, 20 Feb 2009 10:29:35 +0100
On Friday, 20 February 2009 02:35:04, Michael Richardson wrote:
> First, are you capturing the entire packet?
Hm, what do you mean with "entire" packet? How do I know this? I told you the command I used - do I have to do something more to get the entire dump?
> Torsten> Command used:
> Torsten> Doing a ping to 192.168.96.24 i issue this command:
> Torsten> tcpdump -i eth3 -E "0xf33ec601@192.168.96.24
> Torsten> 0x11cc1dbe3de5cb263ce1bc05cd1811abbce880f34a23a7cc" icmp
>
> Second, are you using "netkey" (built-in kernel IPsec)?
Yes, I am using netkey - tried the klips stack but can't get virtual nets only done through NETMAP and DNAT/SNAT targets work (kernel 2.6.28.6, openswan 2.6.20) - racoon + netkey does work.
> If so, then you lose, because they never provided tcpdump hooks for both before and after (and in between) for the layers of the tunnels. You see everything.
Do I have to see everything, or am I not going to see all? I am confused about your answer here.
> tcpdump -E is used extensively by the Openswan KLIPS regression testing system, which is part of every source tree, if you want more examples than are in tcpdump/tests
Thx for this hint, I already looked there, but using the examples there I can't get my packets decrypted; it seems like my capture file is not what tcpdump expects.
--
Please do not send me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.de.html
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." -- Linus Torvalds