tcpdump mailing list archives
tcpdump IPSec
From: Venkatesh S Obanaik <venka () comp nus edu sg>
Date: Wed, 12 Feb 2003 22:19:00 +0800 (GMT-8)
Hi,

I am trying to use the tcpdump -E [algo:secret] option to decrypt and print the packets on the host. The scenario is as detailed below:

host hwan (sender) ----- host dione (receiver)

IPSec ESP transport mode security association setup between the hosts.

When I run the tcpdump command on the receiver (FreeBSD)

    tcpdump -i xl0 -E des-cbc:PASSWORD

(algorithm used is des-cbc and secret key is PASSWORD)

However, only the TCP Acknowledgement packets (dione to hwan) are getting decrypted and printed, as can be seen below. The TCP data packets (hwan to dione) are not getting decrypted.

* I tried running the tcpdump on the sender as well; even then only the Ack packets are decrypted.

Please let me know how to resolve this problem.

--------------------------------------------
15:31:11.053299 hwan > dione: ESP(spi=0x00000c80,seq=0x8129) (DF)
15:31:11.053305 hwan > dione: ESP(spi=0x00000c80,seq=0x812a) (DF)
15:31:11.053488 dione > hwan: ESP(spi=0x00000c80,seq=0x150a9a): commplex-link > 1036: . 505959995:505960003(8) ack 1114901680 win 32592 <nop,nop,timestamp 545507 539733> (DF)
15:31:11.053543 dione > hwan: ESP(spi=0x00000c80,seq=0x150a9b): commplex-link > 1036: . 0:8(8) ack 26 win 32580 <nop,nop,timestamp 545507 539733> (DF)
15:31:11.054981 hwan > dione: ESP(spi=0x00000c80,seq=0x812b) (DF)
15:31:11.055100 dione > hwan: ESP(spi=0x00000c80,seq=0x150a9c): commplex-link > 1036: . 0:8(8) ack 1449 win 32592 <nop,nop,timestamp 545507 539733> (DF)

Regards,
Venkatesh

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe