
Re: Sniffing a VPN




So, one should be able to do

	tcpdump -x proto 50 or proto 51

to see the packets, I suppose?

Tor

On Fri, 24 Sep 1999, Jonas Eriksson wrote:

> 
> 
> On my 2.5-current system:
> 
> /usr/src/usr.sbin/tcpdump/print-ipsec.c
> 
> 
> -- Jonas Eriksson
> 
> On Fri, 24 Sep 1999, Tor Houghton wrote:
> 
> > 
> > The problem may be that the VPN is using a different protocol than udp or
> > tcp. IPSec uses IP 50 and 51 for its traffic. Can sniffit or tcpdump
> > work on these packets?
> > 
> > Tor.
> > 
> > On Fri, 24 Sep 1999, Jonas Eriksson wrote:
> > 
> > > 
> > > tcpdump -w file dst dst-ip-number
> > > 
> > > ./sniffit -a -t dst-ip-number
> > > 
> > > ngrep dst 193.15.98.13
> > > 
> > > 
> > > Regards Jonas Eriksson
> > > --
> > > InterACT Luleå
> > > Network & Security Administrator
> > > Tel: +46 (0)920 88803 - Fax: +46 (0)920 88399
> > > Current temp in Lulea/Sweden is 10.6C (51.1F)
> > > 
> > > On Fri, 24 Sep 1999, Joe Nall wrote:
> > > 
> > > > I have set up a test VPN and have been trying to verify that packets are
> > > > encrypted.  From a third BSD box on the lan between the two gateways I
> > > > was able to use sniffit and ngrep to see tcp/udp traffic before the VPN,
> > > > now neither tool can see any packets when the two subnets are talking. 
> > > > Any clues on a sniffit configuration or another more appropriate tool to
> > > > see the packets?  I want to verify that the traffic is encrypted.
> > > > 
> > > > Thanks,
> > > > Joe
> > > > 
> > > 
> > > 
> > 
> > 
> 
>
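
Added example, not part of the original thread or of tcpdump: a small Python classifier for raw IPv4 packets that picks out IP protocols 50 (ESP) and 51 (AH), the numbers discussed above, and reads the SPI and sequence number from each. The sample packets, addresses and the helper names `classify`, `summarize` and `ipv4` are constructed for illustration. Note that AH only authenticates, so the inner protocol it carries stays readable on the wire; only ESP hides the payload.

```python
import socket
import struct
from collections import Counter

ESP, AH = 50, 51  # IP protocol numbers named in the thread

def classify(packet: bytes) -> dict:
    """Classify one raw IPv4 packet (link-layer header already removed)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length; options make it > 20
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:                      # ESP: SPI(4) | sequence(4) | opaque data
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        return {"kind": "esp", "spi": spi, "seq": seq}
    if proto == AH:                       # AH: next(1) | len(1) | rsvd(2) | SPI(4) | seq(4) | ICV
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, _len, _rsvd, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH only authenticates: the protocol in `nxt` follows in the clear.
        return {"kind": "ah", "spi": spi, "seq": seq, "next_header": nxt}
    return {"kind": "non-ipsec", "proto": proto}

def summarize(packets) -> Counter:
    """Count packet kinds seen in a capture taken between the two gateways."""
    return Counter(classify(p)["kind"] for p in packets)

def ipv4(proto: int, body: bytes, src="192.0.2.1", dst="192.0.2.2") -> bytes:
    """Build a constructed IPv4 packet for the samples (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + body

# Constructed sample packets, not captured traffic.
SAMPLES = [
    ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(range(32))),
    ipv4(ESP, struct.pack("!II", 0x1000, 2) + bytes(range(32))),
    ipv4(AH, struct.pack("!BBHII", 6, 4, 0, 0x2000, 1) + bytes(12) + bytes(20)),
    ipv4(6, bytes(20)),  # plain TCP that did not go through the tunnel
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
    print(dict(summarize(SAMPLES)))
```

A capture between the gateways that still shows `non-ipsec` TCP or UDP for the two subnets means that traffic is not going through the tunnel.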