[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sniffing a VPN




The problem may be that the VPN is using a different protocol that udp or
tcp. IPSec uses IP 50 and 51 for its traffic. Can sniffit or tcpdump
work on these packets?

Tor.

On Fri, 24 Sep 1999, Jonas Eriksson wrote:

> 
> tcpdump -w file dst dst-ip-number
> 
> ./sniffit -a -t dst-ip-number
> 
> ngrep dst 193.15.98.13
> 
> 
> Regards Jonas Eriksson
> --
> InterACT Luleň
> Network & Security Administrator
> Tel: +46 (0)920 88803 - Fax: +46 (0)920 88399
> Current temp in Lulea/Sweden is 10.6C (51.1F)
> 
> On Fri, 24 Sep 1999, Joe Nall wrote:
> 
> > I have set up a test VPN and have been trying to verify that packets are
> > encrypted.  From a third BSD box on the lan between the two gateways I
> > was able to use sniffit and ngrep to see tcp/udp traffic before the VPN,
> > now neither tool can see any packets when the two subnets are talking. 
> > Any clues on a sniffit configuration or another more appropriate tool to
> > see the packets?  I want to verify that the traffic is encrypted.
> > 
> > Thanks,
> > Joe
> > 
> 
>