
Re: sniffer software



On Wed, Jan 10, 2001 at 08:48:38PM +0000, AINA ALAIN PATRICK wrote:
> > Have you tried tcpdump?
> > 
> > # tcpdump -i xl0 -n not tcp
> > 17:13:32.204298 192.0.2.46 > 192.0.2.45: AH(spi=385225147,seq=0xacc7): ESP(spi=202834639,seq=0xacc7) (DF)
> > 17:13:32.213895 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffb): ESP(spi=278536727,seq=0xbffb) (DF)
> > 17:13:32.216322 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffc): ESP(spi=278536727,seq=0xbffc) (DF) [tos 0x84] 
> 
>  I forgot to add one more ASCII-able than tcpdump

# tcpdump -i xl0 -n -s1500 -X proto 50
10:15:58.687895 192.0.2.46 > 192.0.2.45: AH(spi=177865819,seq=0x8840): ESP(spi=645333788,seq=0x8840) (DF)
0x0000   4500 00e0 e0dd 4000 f933 ae37 c000 022e        E.....@..3.7....
0x0010   c000 022d 3204 0000 0a9a 045b 0000 8840        ...-2......[...@
0x0020   8b50 0e92 87e2 a8bf 5671 a6ea 2677 031c        .P......Vq..&w..
0x0030   0000 8840 cd59 b9ca 17a1 817e 9ce8 ebb7        ...@.Y.....~....
0x0040   279e 1838 1313 715b 8a62 9235 8f93 72fc        '..8..q[.b.5..r.
0x0050   c554 db22 5f88 9dd1 ca9d 97a2 8c99 0ee5        .T."_...........
0x0060   fe4d 6dfc b292 88bf 3079 0725 0f4a d5a7        .Mm.....0y.%.J..
0x0070   0735 183a 0f38 dc63 e9c7 10bb 489d b3c5        .5.:.8.c....H...
0x0080   982e 4581 44d6 1d30 33c0 4720 abe5 c595        ..E.D..03.G.....
0x0090   1952 324b c7d7 45e6 9a17 4f1b 58a6 44d7        .R2K..E...O.X.D.
0x00a0   376e 04f5 e2c0 b835 67b3 5855 e535 418c        7n.....5g.XU.5A.
0x00b0   67c5 1815 4e6b 4ed2 2583 31cf 1432 a8df        g...NkN.%.1..2..
0x00c0   c1ca df09 b423 3bb2 c8b2 d55f b9ef b257        .....#;...._...W
0x00d0   f0a1 d7ab 60d1 3616 4e98 ed28 c8c2 5c03        .....6.N..(..\.

Of course you will not see the cleartext contents of the packets with any
packet sniffer - that is the whole point of using encryption in the first
place :-)

tcpdump also lets you store the raw binary packets in a file
(tcpdump -s 1500 -w filename) and then later display them however you like
(tcpdump -r filename). This is a "libpcap" file and I think other tools are
available to decode it.

Brian.
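To show exactly what a sniffer does and does not get from that `-X` dump, here is an added example (not part of Brian's mail or of tcpdump) that rebuilds the packet bytes from the hex columns above and walks the IPv4, AH and ESP headers. The SPIs and sequence numbers it recovers are the same ones tcpdump printed on the summary line; everything after the 8-byte ESP header is ciphertext and stays opaque.

```python
import struct

# The tcpdump -X dump from the mail above, hex columns only (ASCII column dropped):
# one AH+ESP packet from 192.0.2.46 to 192.0.2.45, 224 bytes on the wire.
TCPDUMP_HEX = """\
0x0000   4500 00e0 e0dd 4000 f933 ae37 c000 022e
0x0010   c000 022d 3204 0000 0a9a 045b 0000 8840
0x0020   8b50 0e92 87e2 a8bf 5671 a6ea 2677 031c
0x0030   0000 8840 cd59 b9ca 17a1 817e 9ce8 ebb7
0x0040   279e 1838 1313 715b 8a62 9235 8f93 72fc
0x0050   c554 db22 5f88 9dd1 ca9d 97a2 8c99 0ee5
0x0060   fe4d 6dfc b292 88bf 3079 0725 0f4a d5a7
0x0070   0735 183a 0f38 dc63 e9c7 10bb 489d b3c5
0x0080   982e 4581 44d6 1d30 33c0 4720 abe5 c595
0x0090   1952 324b c7d7 45e6 9a17 4f1b 58a6 44d7
0x00a0   376e 04f5 e2c0 b835 67b3 5855 e535 418c
0x00b0   67c5 1815 4e6b 4ed2 2583 31cf 1432 a8df
0x00c0   c1ca df09 b423 3bb2 c8b2 d55f b9ef b257
0x00d0   f0a1 d7ab 60d1 3616 4e98 ed28 c8c2 5c03
"""

def hexdump_to_bytes(dump):
    """Rebuild the raw packet from tcpdump -X lines: an 0x offset, then hex words."""
    out = bytearray()
    for line in dump.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("0x"):
            out += bytes.fromhex("".join(fields[1:]))
    return bytes(out)

def parse_ah_esp(pkt):
    """Walk IPv4 -> AH -> ESP; everything after the ESP header is ciphertext."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    if pkt[9] != 51:  # IP protocol 51 = AH
        raise ValueError(f"expected AH after IP, got protocol {pkt[9]}")
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    off = ihl
    # AH: next header, payload len (32-bit words minus 2), reserved, SPI, seq, ICV
    ah_next, ah_len = pkt[off], pkt[off + 1]
    ah_spi, ah_seq = struct.unpack_from("!II", pkt, off + 4)
    off += (ah_len + 2) * 4
    if ah_next != 50:  # AH next header 50 = ESP
        raise ValueError(f"expected ESP after AH, got {ah_next}")
    esp_spi, esp_seq = struct.unpack_from("!II", pkt, off)  # ESP: SPI, seq
    return {"src": src, "dst": dst, "ah_spi": ah_spi, "ah_seq": ah_seq,
            "esp_spi": esp_spi, "esp_seq": esp_seq,
            "encrypted_bytes": total_len - off - 8}
```

Run against the dump it returns AH spi=177865819 and ESP spi=645333788 with seq 0x8840, matching tcpdump's summary line, and reports 172 bytes of ESP payload that no sniffer can read without the SA's keys.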