Re: Isakmp and Snort?

As far as I know, ESP and AH are just TCP with some extra headers and a
different protocol version number in one of the fields, so SNORT should pick
it up.
How are you starting up snort?

----- Original Message -----
From: "Jack" <jack_xiao99@hotmail.com>
To: <tech@openbsd.org>
Sent: Thursday, May 24, 2001 2:34 PM
Subject: Isakmp and Snort?

> Hi All,
> Now I want to detect the packets information between two VPN gateways with
> Snort. After setting up isakmpd, the Snort only can catch UDP packets
> phase 1 and have got nothing of ESP or AH packets. As far as I know,
> can detect TCP/UDP/ICMP. How about ESP and AH? If it can, how to write the
> rules of Snort? I will appreciate your help or hints.
> Thanks!
> Jack