[Openswan Users] How do I sniff for decrypted packets

Paul Wouters paul at xelerance.com
Mon Jan 26 19:43:30 EST 2009

On Mon, 26 Jan 2009, Jonah Wittkamper wrote:

> My only interfaces are eth0, eth1 and lo.

> By running tcpdump on eth0 I can see ESP packets, but I can't see
> decrypted packets.  My research on this mailing list suggests that I
> should see both encrypted and decrypted packets, but I only see
> encrypted ones.  

No, with netkey you won't see encrypted outgoing packets, only encrypted
incoming packets. Sometimes the following hack works:

ifconfig eth0:bogus
tcpdump -i eth0:bogus -n


