tcpdump mailing list archives

tcpdump IPSec


From: Venkatesh S Obanaik <venka () comp nus edu sg>
Date: Wed, 12 Feb 2003 22:19:00 +0800 (GMT-8)

Hi,

  I am trying to use the tcpdump -E [algo:secret] option to decrypt and
print the packets on the host.
 The scenario is as detailed below:

host hwan (sender) ----- host dione (receiver)
IPsec ESP transport mode security association set up between the hosts.

When I run the tcpdump command on the receiver (FreeBSD):

tcpdump -i xl0 -E des-cbc:PASSWORD

(algorithm used is des-cbc and secret key is PASSWORD)

However, only the TCP acknowledgement packets (dione to
hwan) are getting decrypted and printed, as can be seen below;
the TCP data packets (hwan to dione) are not getting decrypted.

* I tried running tcpdump on the sender as well; even then,
only the ACK packets are decrypted.


 Please let me know how to resolve this problem.


--------------------------------------------
15:31:11.053299 hwan > dione: ESP(spi=0x00000c80,seq=0x8129) (DF)
15:31:11.053305 hwan > dione: ESP(spi=0x00000c80,seq=0x812a) (DF)
15:31:11.053488 dione > hwan: ESP(spi=0x00000c80,seq=0x150a9a): commplex-link > 1036: . 505959995:505960003(8) ack 1114901680 win 32592 <nop,nop,timestamp 545507 539733> (DF)
15:31:11.053543 dione > hwan: ESP(spi=0x00000c80,seq=0x150a9b): commplex-link > 1036: . 0:8(8) ack 26 win 32580 <nop,nop,timestamp 545507 539733> (DF)
15:31:11.054981 hwan > dione: ESP(spi=0x00000c80,seq=0x812b) (DF)
15:31:11.055100 dione > hwan: ESP(spi=0x00000c80,seq=0x150a9c): commplex-link > 1036: . 0:8(8) ack 1449 win 32592 <nop,nop,timestamp 545507 539733> (DF)


Regards,
Venkatesh





-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

