Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [suse-security] tcpdump and esp packets
Date: Fri Jul 30 2004 - 03:04:52 CDT
nobody a idea ?
I really need it .. I tried the syntax mentioned at the manual page but I
don't see decrypted esp packets at all ..
Usuall, it sould work with :
tcpdump -w dump.log -vv -E des:sharedsecret esp host <dsthost>
But all I get is :
tcpdump: 'esp' modifier applied to host
bleonhardtanalytek.de schrieb am 29.07.2004 14:25:12:
> Hi all,
> I guess it's OT, again.. but I need it quite quickly...
> ... I need to capture and decrypt esp packets to see, what's in ...
> anybody an idea ?
> I already have downloaded and installed the latest libcrypt ( openssl ),
> the latestet tcpdump ( I had to change the "configure" file to get
> "des_cbc_encrypt" implemented ) and the latest libpcap ...
> Now, I tried following :
> tcpdump -i eth0 -w dump.cap -n -vv -E des-cbc:shared-secret ip proto 50
> ip proto 51 or udp port 500 or udp port 4500
> I see all the ESP packets but I can't see, if it's just a ping, or
> anything else...
> I also tried :
> tcpdump -i eth0 -w dump-cap -n -vv -E des-cbc:shared-secret esp host
> but didn't work at all...
> any ideas ?
> Many thanks,
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-helpsuse.com
> Security-related bug reports go to securitysuse.de, not here
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here