[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Isakmp and Snort?
As far as I know, ESP and AH are just TCP with some extra headers and a
different protocol version number in one of the fields, so SNORT should pick
How are you starting up snort?
----- Original Message -----
From: "Jack" <email@example.com>
Sent: Thursday, May 24, 2001 2:34 PM
Subject: Isakmp and Snort?
> Hi All,
> Now I want to detect the packets information between two VPN gateways with
> Snort. After I setting up isakmpd, the Snort only can catch UDP packets
> phase 1 and have got nothing of ESP or AH packects. As far as I know,
> can detect TCP/UDP/ICMP. How about ESP and AH? If it can, how to write the
> rules of Snort? I will appreciate your help or hints.