[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sniffing a VPN



On 24 Sep 99, at 7:46, Joe Nall wrote:

> I have set up a test VPN and have been trying to verify that packets are
> encrypted.  From a third BSD box on the lan between the two gateways I
> was able to use sniffit and ngrep to see tcp/udp traffic before the VPN,
> now neither tool can see any packets when the two subnets are talking. 
> Any clues on a sniffit configuration or another more appropriate tool to
> see the packets?  I want to verify that the traffic is encrypted.

Don't forget that the IPSEC traffic uses a different set of protocols, 
not TCP or UDP. You will have to tell your sniffer to look at these 
other protocols.

>From /etc/protocols:
esp    50      IPSEC-ESP       # Encap Security Payload
ah      51      IPSEC-AH        # Authentication Header

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rick Ballard		Phone   : 902-481-4548
xwave solutions		Fax     : 902-468-3679
Halifax,Nova Scotia	Email   : RichardBallard@xwavesolutions.com
Canada			Timezone: Atlantic AST(GMT-4)/ADT(GMT-3)