[Openswan Users] 2.6.24rc3 (klips) tcpdump on ipsec interface

Sven Schiwek ml-openswan at svenux.de
Sat Nov 21 02:53:59 EST 2009 

Hi,

I'm testing Openswan 2.6.24rc3 (klips). tcpdump shows my only this  
garbage "(oui Unknown)" on the ipsec interface I believe this is not  
right.
Do I have to note special things to use tcpdump on an ipsec interface?

Sven



$ tcpdump -i ipsec0
tcpdump: verbose output suppressed, use -v or -vv for full protocol  
decode
listening on ipsec0, link-type EN10MB (Ethernet), capture size 96 bytes
01:47:54.952507 40:00:3f:06:48:a7 (oui Unknown) > 45:00:02:42:5a:59  
(oui Unknown), ethertype Unknown (0xc0a8), length 578:
         0x0000:  0b64 c0a8 0a01 f2bf 0c38 167b bf10 8bf0  .d.......8. 
{....
         0x0010:  eda5 8018 ffff 27d3 0000 0101 080a  
351e  ......'.......5.
         0x0020:  a842 02ba 25e0 4745 5420 6874 7470 3a2f  .B.. 
%.GET.http:/
         0x0030:  2f64 652e 7769 6b69 7065 6469 612e 6f72  / 
de.wikipedia.or
         0x0040:  672f 736b 696e 732d 312e 352f 636f 6d6d  g/skins-1.5/ 
comm
         0x0050:  6f6e                                     on
01:47:54.952558 40:00:40:06:d8:68 (oui Unknown) > 45:00:00:34:cb:a5  
(oui Unknown), ethertype Unknown (0xc0a8), length 52:
         0x0000:  0a01 c0a8 0b64 0c38 f2bf 8bf0 eda5 167b  .....d. 
8.......{
         0x0010:  c11e 8010 0106 88bc 0000 0101 080a  
02ba  ................
         0x0020:  2602 351e a842                           &.5..B
01:47:54.954082 40:00:3f:06:9e:18 (oui Unknown) > 45:00:00:34:06:f6  
(oui Unknown), ethertype Unknown (0xc0a8), length 52:
         0x0000:  0b64 c0a8 0a01 f2c0 0c38 90d3 8ac5 8c51  .d....... 
8.....Q
         0x0010:  33c8 8010 ffff ff5f 0000 0101 080a 351e   
3......_......5.
         0x0020:  a842 02ba 25e1                           .B..%.
01:47:54.961149 40:00:3f:06:58:74 (oui Unknown) > 45:00:02:44:4a:8a  
(oui Unknown), ethertype Unknown (0xc0a8), length 580:
         0x0000:  0b64 c0a8 0a01 f2c0 0c38 90d3 8ac5 8c51  .d....... 
8.....Q
         0x0010:  33c8 8018 ffff 22ff 0000 0101 080a 351e   
3.....".......5.
         0x0020:  a842 02ba 25e1 4745 5420 6874 7470 3a2f  .B.. 
%.GET.http:/
         0x0030:  2f64 652e 7769 6b69 7065 6469 612e 6f72  / 
de.wikipedia.or
         0x0040:  672f 736b 696e 732d 312e 352f 7665 6374  g/skins-1.5/ 
vect
         0x0050:  6f72                                     or

More information about the Users mailing list