[Openswan Users] Seeing the ipsec traffic in clear
Paul Wouters
paul at xelerance.com
Tue Sep 15 08:54:34 EDT 2009
On Tue, 15 Sep 2009, Ricky Maiser wrote:
> Now something strange happens:
>
> When I capture the network traffic on Host A's eth0 I can see the encrypted
> ESP packets but also the cleartext packets sent from Host B.
>
> I do not see the cleartext packets sent from Host A. I only
> see the encrypted ESP packets from Host A.
You're not strange. The Linux people who designed that were strange. It's
normal behaviour with NETKEY.
> I would like to capture the cleartext packets on Host A that
> are sent out before they are encrypted with ipsec.
>
> What tricks can I use?
One trick that sometimes works is to create an old-style ip alias and
run tcpdump there. So if eth0 is your outgoing interface, try:

    ifconfig eth0:1 1.2.3.4
    tcpdump -i eth0:1 -n

It's total voodoo. But not our voodoo.
Paul
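
An alternative to the alias trick, as an added example that is not part of the original post: with NETKEY, an iptables NFLOG rule in mangle/POSTROUTING using the policy match copies outbound packets that an IPsec policy will encrypt, while they are still cleartext, to a netlink group that tcpdump can read. The group number 5, the RUN dry-run variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): capture outbound packets on a
# NETKEY host before they are ESP-encrypted, using NFLOG instead of an alias.
# Needs root, the iptables "policy" match and a libpcap with nflog support.

NFLOG_GROUP="${NFLOG_GROUP:-5}"   # arbitrary netlink group chosen for this example
RUN="${RUN-echo}"                 # dry-run by default; set RUN= (empty) to execute

# Add (-I) or remove (-D) the logging rule.
# mangle/POSTROUTING sees the packet before the XFRM transform is applied, and
# "-m policy --dir out --pol ipsec" limits the rule to packets that will be
# encrypted, so ordinary traffic is not copied.
nflog_rule() {
    $RUN iptables -t mangle "$1" POSTROUTING \
        -m policy --dir out --pol ipsec \
        -j NFLOG --nflog-group "$NFLOG_GROUP"
}

# Insert the rule, read the cleartext copies from nflog:<group>, then clean up.
capture() {
    nflog_rule -I || return 1
    trap : INT                    # Ctrl-C ends tcpdump; the shell continues to cleanup
    $RUN tcpdump -n -i "nflog:$NFLOG_GROUP"
    trap - INT
    nflog_rule -D                 # always remove the rule so logging does not linger
}

# "sh script.sh run" prints the commands; "RUN= sh script.sh run" executes them.
case "${1:-}" in
    run) capture ;;
esac
```

NFLOG hands tcpdump a copy of each matching packet, so the ESP traffic on eth0 is unaffected while the capture runs.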