[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sniffing a VPN

To: Tor Houghton <torh@bogus.net>
Subject: Re: Sniffing a VPN
From: Jonas Eriksson <je@interact.se>
Date: Fri, 24 Sep 1999 15:43:56 +0200 (CEST)
Cc: Joe Nall <joe@nall.com>, openbsd <misc@openbsd.org>



On my 2.5-current system:

/usr/src/usr.sbin/tcpdump/print-ipsec.c


-- Jonas Eriksson

On Fri, 24 Sep 1999, Tor Houghton wrote:

> 
> The problem may be that the VPN is using a different protocol that udp or
> tcp. IPSec uses IP 50 and 51 for its traffic. Can sniffit or tcpdump
> work on these packets?
> 
> Tor.
> 
> On Fri, 24 Sep 1999, Jonas Eriksson wrote:
> 
> > 
> > tcpdump -w file dst dst-ip-number
> > 
> > ./sniffit -a -t dst-ip-number
> > 
> > ngrep dst 193.15.98.13
> > 
> > 
> > Regards Jonas Eriksson
> > --
> > InterACT Luleå
> > Network & Security Administrator
> > Tel: +46 (0)920 88803 - Fax: +46 (0)920 88399
> > Current temp in Lulea/Sweden is 10.6C (51.1F)
> > 
> > On Fri, 24 Sep 1999, Joe Nall wrote:
> > 
> > > I have set up a test VPN and have been trying to verify that packets are
> > > encrypted.  From a third BSD box on the lan between the two gateways I
> > > was able to use sniffit and ngrep to see tcp/udp traffic before the VPN,
> > > now neither tool can see any packets when the two subnets are talking. 
> > > Any clues on a sniffit configuration or another more appropriate tool to
> > > see the packets?  I want to verify that the traffic is encrypted.
> > > 
> > > Thanks,
> > > Joe
> > > 
> > 
> > 
> 
>

Follow-Ups:
- Re: Sniffing a VPN
  - From: Tor Houghton <torh@bogus.net>

References:
- Re: Sniffing a VPN
  - From: Tor Houghton <torh@bogus.net>

Prev by Date: Re: Sniffing a VPN
Next by Date: Hello, and a few questions about installing and Console on Serial.
Prev by thread: Re: Sniffing a VPN
Next by thread: Re: Sniffing a VPN
Index(es):
- Date
- Thread