[Openswan Users] tcpdump no outgoing traffic over VPN
Madden, Joe
Joe.Madden at mottmac.com
Wed Jan 4 08:31:46 EST 2017
Hi Alexk,
It's normal not to see any outgoing packets for IPsec.
The packets are encapsulated before they reach the interface; as a result, you can only see ESP/NAT-T packets exiting the interface.
http://stackoverflow.com/questions/21931614/how-to-see-outgoing-esp-packets-in-tcpdump-before-they-get-encrypted
Joe
From: Users [mailto:users-bounces at lists.openswan.org] On Behalf Of alexk
Sent: 04 January 2017 13:18
To: users at lists.openswan.org
Subject: [Openswan Users] tcpdump no outgoing traffic over VPN
Hello to all and happy new year.
I am trying to acquire a tcp dump in a pcap file using the following command:
sudo tcpdump -s 0 host HOST_IP -i eth0 -w tcpdump_test.pcap
The OS is Ubuntu 14.04 server edition with the 3.13.0-92-generic kernel running on an AWS instance.
I am able to capture incoming traffic from the host to my server but when I download the pcap file and open it in Wireshark I do not see the outgoing traffic (neither ESP packets nor clear text).
I have tried to use nflog as described in (https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump) but it seems that nflog is not included with the Ubuntu kernel. I am unable to find a way to see outgoing traffic towards the host in question.
Can anyone please suggest a solution?
Thank you in advance
Alex
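
Added example, not part of the original thread or of Openswan: a small pcap reader that counts packets by direction and encapsulation (ESP, ESP or IKE over UDP/4500 per RFC 3948, or cleartext), to check whether a capture such as tcpdump_test.pcap holds any outbound ESP/NAT-T at all. The addresses and the sample capture are constructed, and 192.0.2.10 is an assumed stand-in for the local server.

```python
import socket, struct
from collections import Counter

def classify(pcap: bytes, local_ip: str) -> Counter:
    """Count IPv4 packets in a classic Ethernet pcap by (direction, kind)."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a microsecond pcap with Ethernet link type")
    local, counts, off = socket.inet_aton(local_ip), Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 directly over Ethernet
        ip = frame[14:]
        proto, payload = ip[9], ip[(ip[0] & 0x0F) * 4:]
        direction = "out" if ip[12:16] == local else "in"
        kind = "esp" if proto == 50 else "cleartext"
        if proto == 17 and len(payload) >= 8 and 4500 in struct.unpack("!HH", payload[:4]):
            body = payload[8:]  # RFC 3948: four zero bytes mark IKE, one 0xFF byte a keepalive
            kind = ("natt-keepalive" if len(body) < 4 else
                    "ike-natt" if body[:4] == b"\x00" * 4 else "esp-natt")
        counts[(direction, kind)] += 1
    return counts

def _frame(src, dst, proto, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def sample_pcap() -> bytes:
    """Constructed capture; 192.0.2.10 stands in for the local server (assumption)."""
    udp = lambda body: struct.pack("!HHHH", 4500, 4500, 8 + len(body), 0) + body
    me, peer, esp = "192.0.2.10", "198.51.100.7", b"\x00\x00\x10\x01" + b"\x00" * 12
    frames = [_frame(peer, me, 50, esp),               # inbound ESP
              _frame(peer, me, 6, b"\x00" * 20),       # inbound cleartext TCP
              _frame(me, peer, 50, esp),               # outbound ESP
              _frame(me, peer, 17, udp(esp)),          # outbound ESP in UDP/4500
              _frame(me, peer, 17, udp(b"\x00" * 8))]  # outbound IKE on UDP/4500
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for key, n in sorted(classify(sample_pcap(), "192.0.2.10").items()):
        print(key, n)
```

To run it against a real capture, pass the file's bytes and the server's own address to classify(); a result with no ("out", "esp") or ("out", "esp-natt") entries matches the symptom described in the question.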