* how to see ipsec traffic
@ 2006-05-11 12:40 Stephen Clark
0 siblings, 0 replies; only message in thread
From: Stephen Clark @ 2006-05-11 12:40 UTC (permalink / raw)
To: netfilter-devel
Hello List,
I have an ipsec tunnel setup between my office and my home.
When I use tcpdump on my home system I can see the esp packets going
both ways
but I only see the received de-encapsulated traffic not what is being
sent back. How
can I see the unencrypted replys.
Below is an example of a tcpdump running on my home system while I am
pinging it
from my office. I see the icmp echo request but not icmp reply.
sudo /usr/sbin/tcpdump -lni eth1 icmp or esp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:49:49.616062 IP 65.162.182.15 > 24.144.77.138:
ESP(spi=0x0702d979,seq=0x1)
09:49:49.635388 IP 10.0.129.1 > 192.168.2.1: icmp 64: echo request seq 0
09:49:49.635426 IP 24.144.77.138 > 65.162.182.15:
ESP(spi=0x05191a81,seq=0x1)
09:49:50.617714 IP 65.162.182.15 > 24.144.77.138:
ESP(spi=0x0702d979,seq=0x2)
09:49:50.617714 IP 10.0.129.1 > 192.168.2.1: icmp 64: echo request seq 256
09:49:50.617855 IP 24.144.77.138 > 65.162.182.15:
ESP(spi=0x05191a81,seq=0x2)
kernel is 2.6.15-1.1831_FC4
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2006-05-11 12:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-05-11 12:40 how to see ipsec traffic Stephen Clark
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.