  1. #1

    Using Ethereal to sniff IPSec

    I can't figure out how to use Ethereal to detect if IPSec is being used or not. I can't find a filter for it and it isn't listed in the list of protocols; however, AH and ESP are there, but I can't figure out how to use them correctly. Basically, I have IPSec turned on on a couple of computers and I want to sniff the packets to look at the IPSec data. Any help would be appreciated.

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Have you got any virtual interface for IPSec available (e.g. ipsec0, ipsec1...)?

    If yes, you can sniff traffic on that ipsecX interface...

    All the traffic coming out of that ipsecX interface belongs to IPSec.

    If you don't have a virtual interface (ipsecX), then your kernel supports PF_KEY, i.e., the native IPSec stack.

    If that is the case, you can use the filter "esp or ah or dst port 500" and sniff packets. But after you cannot classify plain traffic as IPSec traffic on a kernel with native IPSec stack support.
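
What the filter "esp or ah or dst port 500" from the reply above matches, written out as an added Python example (not part of the original thread): ESP is IP protocol 50, AH is IP protocol 51, and IKE negotiation uses port 500. The sketch handles IPv4 only; the `ipv4` helper, the addresses and the sample packets are constructed for illustration.

```python
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17  # IP protocol numbers

def classify(pkt: bytes):
    """Return (label, spi) for a raw IPv4 packet, mirroring 'esp or ah or dst port 500'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("not-ipv4", None)
    ihl = (pkt[0] & 0x0F) * 4                       # header length in bytes
    proto = pkt[9]
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    body = pkt[ihl:]
    first = frag_off == 0                           # later fragments carry no L4 header
    if proto == ESP:
        # ESP header: SPI(4) | sequence(4) | encrypted payload (opaque to the sniffer)
        spi = struct.unpack("!I", body[:4])[0] if first and len(body) >= 4 else None
        return ("esp", spi)
    if proto == AH:
        # AH header: next hdr(1) | length(1) | reserved(2) | SPI(4) | sequence(4) | ICV
        spi = struct.unpack("!I", body[4:8])[0] if first and len(body) >= 8 else None
        return ("ah", spi)
    if proto in (TCP, UDP) and first and len(body) >= 4:
        if struct.unpack("!H", body[2:4])[0] == 500:  # destination port
            return ("ike", None)
    return ("other", None)

def ipv4(proto, payload, frag_off=0):
    """Build a constructed IPv4 packet (checksum left at 0) for the samples below."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

# Constructed sample packets
SAMPLES = {
    "esp": ipv4(ESP, struct.pack("!II", 0x1000, 1) + b"\x00" * 16),
    "ah": ipv4(AH, struct.pack("!BBHII", TCP, 4, 0, 0x2000, 1) + b"\x00" * 12),
    "ike": ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    "dns": ipv4(UDP, struct.pack("!HHHH", 40000, 53, 8, 0)),
    "frag": ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0), frag_off=1),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

The SPI printed for ESP and AH packets identifies the security association; the ESP payload itself stays encrypted on the wire.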

  3. #3
    I'm extremely interested in setting up a virtual device for IPSec but I didn't know that I could. Are the steps to do so easy to explain? I'm using RHEL4
