[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sniffer software

To: AINA ALAIN PATRICK <aalain@ecowasmail.net>
Subject: Re: sniffer software
From: Brian Candler <B.Candler@pobox.com>
Date: Wed, 10 Jan 2001 17:17:39 +0000
Cc: tcpws@psg.com
Delivery-date: Wed, 10 Jan 2001 09:18:00 -0800
Envelope-to: tcpws-data@psg.com

On Wed, Jan 10, 2001 at 05:32:14PM +0000, AINA ALAIN PATRICK wrote:
> I am looking for a good sniffing software which recognize IPSEC ESP and
> AH packets

Have you tried tcpdump?

# tcpdump -i xl0 -n not tcp
17:13:32.204298 192.0.2.46 > 192.0.2.45: AH(spi=385225147,seq=0xacc7): ESP(spi=202834639,seq=0xacc7) (DF)
17:13:32.213895 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffb): ESP(spi=278536727,seq=0xbffb) (DF)
17:13:32.216322 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffc): ESP(spi=278536727,seq=0xbffc) (DF) [tos 0x84] 
...

[The above is on a FreeBSD-4.1-RELEASE box]

Prev by Date: Re: Kernal compile error in Red Hat 6.2
Next by Date: sniffer software
Prev by thread: Smail-3.2.0.111
Next by thread: sniffer software
Index(es):
- Date
- Thread