[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Isakmp and Snort?
On Thu, May 24, 2001 at 03:00:18PM -0400, Will Backman wrote:
ESP and AH are different kinds of IP just like TCP, UDP and ICMP. Which
pretty much rules out possibility for them to be TCP packets.
As for the snort, I don't know.
> As far as I know, ESP and AH are just TCP with some extra headers and a
> different protocol version number in one of the fields, so SNORT should pick
> it up.
> How are you starting up snort?
> > Hi All,
> > Now I want to detect the packets information between two VPN gateways with
> > Snort. After I setting up isakmpd, the Snort only can catch UDP packets
> > phase 1 and have got nothing of ESP or AH packects. As far as I know,
> > can detect TCP/UDP/ICMP. How about ESP and AH? If it can, how to write the
> > rules of Snort? I will appreciate your help or hints.
> > Thanks!
> > Jack