On Fri, Mar 31, 2006 at 03:18:32PM -0500, Eric W. Bates wrote:
> This seems like a dumb question; but I wonder if one can use tcpdump to
> view the decrypted out flow from an esp tunnel?
>
> I have an established tunnel on machine 'firewall'.
>
> The tunnel is a route between net 10.128.10.0/24 and 192.168.10.0/24.
>
> 'firewall' has 192.168.10.1 as the ip on its internal interface.
>
> When I ping 10.128.10.1 using 192.168.10.1 as the source address, I can
> use tcpdump to view the esp packets via the external interface.
>
> Is there a way to use tcpdump to view the packets as they traverse from
> the tunnel to 192.168.10.1? I had no luck attaching tcpdump to the
> internal interface.
>
> By the same token, can I hook any of the traffic with ipfw?
>
> I suspect that if any of this traffic were leaving the machine, I would
> see it; but maybe not if 'firewall' itself is the destination?

You can do that in various ways:

1) Use the ESP decryption option of tcpdump. Of course, you'll have to
   provide the encryption key to tcpdump.

2) Use enc0 support, which is actually PR kern/94829, and which should be
   included soon in the kernel.

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
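
Option 1 from the reply, as an added example that is not part of the original thread: tcpdump's `-E` option takes `spi@ipaddr algo:secret`, or `file name` to read the same entries from a file, which keeps the key out of the process list. The function names, SPI, address and key below are constructed placeholders; the real values come from the SA on 'firewall' (for example from `setkey -D`), and tcpdump must be built with crypto support.

```shell
#!/bin/sh
# Added example. SPI, address and key used with these functions are
# placeholders; take the real ones from the security association.

# write_esp_secret FILE SPI_HEX DST_ADDR ALGO KEY_HEX
# Writes one "-E" entry of the form "0xSPI@DST ALGO:0xKEY" to FILE (mode 0600).
# DST_ADDR is the destination address of the ESP packets to decrypt.
write_esp_secret() {
    file=$1; spi=$2; dst=$3; algo=$4; key=$5
    # SPI and key must be plain hex digits (no 0x prefix, it is added here).
    case $spi in ''|*[!0-9a-fA-F]*) echo "bad SPI" >&2; return 1 ;; esac
    case $key in ''|*[!0-9a-fA-F]*) echo "bad key" >&2; return 1 ;; esac
    # Address: IPv4 or IPv6 literal characters only.
    case $dst in ''|*[!0-9a-fA-F.:]*) echo "bad address" >&2; return 1 ;; esac
    # Algorithm name as tcpdump expects it, e.g. des-cbc (default) or 3des-cbc.
    case $algo in ''|*[!a-z0-9-]*) echo "bad algorithm" >&2; return 1 ;; esac
    ( umask 077
      printf '0x%s@%s %s:0x%s\n' "$spi" "$dst" "$algo" "$key" > "$file" ) || return 1
    chmod 600 "$file"
}

# dump_decrypted IFACE FILE
# Captures ESP on the external interface and prints the decrypted inner packets.
# tcpdump opens FILE when the first ESP packet arrives, after it has given up
# any special privileges, so FILE must be readable by the user it then runs as.
dump_decrypted() {
    tcpdump -n -i "$1" -E "file $2" esp
}

# Typical use (placeholders, run as root on the tunnel endpoint):
#   write_esp_secret /root/esp.key 10000000 192.0.2.1 3des-cbc <hex key>
#   dump_decrypted <external interface> /root/esp.key
```

Remove the secrets file once the capture is finished; anyone who can read it can decrypt recorded traffic for that SA.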