[Openswan Users] How do I sniff for decrypted packets
Paul Wouters
paul at xelerance.com
Mon Jan 26 19:43:30 EST 2009
On Mon, 26 Jan 2009, Jonah Wittkamper wrote:
> My only interfaces are eth0, eth1 and lo.
> By running tcpdump on eth0 I can see ESP packets, but I can't see
> decrypted packets. My research on this mailing list suggests that I
> should see both encrypted and decrypted packets, but I only see
> encrypted ones.
No, with netkey you won't see encrypted outgoing packets, only encrypted
incoming packets. Sometimes the following hack works:
ifconfig eth0:bogus
tcpdum -i eth0:bogus -n
Paul
More information about the Users
mailing list