Re: [suse-security] tcpdump and esp packets
bleonhardt
analytek.de
Date: Fri Jul 30 2004 - 03:04:52 CDT
Hi,
Nobody an idea?
I really need it... I tried the syntax mentioned in the manual page but I
don't see decrypted ESP packets at all...
Usually, it should work with:
tcpdump -w dump.log -vv -E des:sharedsecret esp host <dsthost>
But all I get is :
tcpdump: 'esp' modifier applied to host
-Alex
bleonhardt analytek.de wrote on 29.07.2004 14:25:12:
> Hi all,
>
> I guess it's OT, again.. but I need it quite quickly...
>
> ... I need to capture and decrypt esp packets to see, what's in ...
> anybody an idea ?
>
> I already have downloaded and installed the latest libcrypt ( openssl ),
> the latest tcpdump ( I had to change the "configure" file to get
> "des_cbc_encrypt" implemented ) and the latest libpcap ...
>
> Now, I tried following :
>
> tcpdump -i eth0 -w dump.cap -n -vv -E des-cbc:shared-secret ip proto 50 or ip proto 51 or udp port 500 or udp port 4500
>
> I see all the ESP packets but I can't see, if it's just a ping, or
> anything else...
>
> I also tried :
>
> tcpdump -i eth0 -w dump-cap -n -vv -E des-cbc:shared-secret esp host
> IPADDRESSOFTHEREMOTE-SECURED-HOST
>
> but didn't work at all...
>
> any ideas ?
>
> Many thanks,
> Alex