how to see ipsec traffic

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Clark <Stephen.Clark@seclark.us>
To: netfilter-devel@lists.netfilter.org
Subject: how to see ipsec traffic
Date: Thu, 11 May 2006 08:40:00 -0400	[thread overview]
Message-ID: <446330A0.1030704@seclark.us> (raw)

Hello List,

I have an ipsec tunnel setup between my office and my home.
When I use tcpdump on my home system I can see the esp packets going 
both ways
but I only see the received de-encapsulated traffic not what is being 
sent back. How
can I see the unencrypted replys.

Below is an example of a tcpdump running on my home system while I am 
pinging it
from my office. I see the icmp echo request but not icmp reply.




sudo /usr/sbin/tcpdump -lni eth1 icmp or esp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:49:49.616062 IP 65.162.182.15 > 24.144.77.138: 
ESP(spi=0x0702d979,seq=0x1)
09:49:49.635388 IP 10.0.129.1 > 192.168.2.1: icmp 64: echo request seq 0
09:49:49.635426 IP 24.144.77.138 > 65.162.182.15: 
ESP(spi=0x05191a81,seq=0x1)
09:49:50.617714 IP 65.162.182.15 > 24.144.77.138: 
ESP(spi=0x0702d979,seq=0x2)
09:49:50.617714 IP 10.0.129.1 > 192.168.2.1: icmp 64: echo request seq 256
09:49:50.617855 IP 24.144.77.138 > 65.162.182.15: 
ESP(spi=0x05191a81,seq=0x2)

kernel is 2.6.15-1.1831_FC4

Thanks,
Steve

-- 

"They that give up essential liberty to obtain temporary safety, 
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty 
decreases."  (Thomas Jefferson)

                 reply	other threads:[~2006-05-11 12:40 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=446330A0.1030704@seclark.us \
    --to=stephen.clark@seclark.us \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.