While doing some testing of a commercial IDS device, we were attempting to verify the vendor's claim that the device is IPv6 capable and would detect any IPv6 attack. So, we tested both an IPv4 attack and an IPv6 attack. OpenBSD 4.4 i386 running nmap was the source of the attacks. Debian Linux was the target. The source and target ran tcpdump during the attack.
The packet captures worked fine, with one exception. The IPv6 capture that occurred on the OpenBSD attacking machine can only be read (or played back) on an OpenBSD machine. The vendor tried opening the capture on a Linux PC and a Windows PC using tcpdump and Wireshark. I tried reading it myself using tcpdump on a Linux box... it did not work. I have OpenBSD 4.3 installed on another i386 and a 4.2 install on a Sparc64. Both of these machines could play back the IPv6 tcpdump captures.
We ended up asking the vendor to load OpenBSD so that they could read the tcpdump file, but I wanted to post here and ask if others have seen this problem. Perhaps it's a small bug of some sort with tcpdump in OpenBSD? The tcpdump IPv4 captures worked fine and could be read on any computer using tcpdump.
I can post exactly how I used tcpdump and nmap and links to test tcpdump files if that would be helpful. We carefully record the methodology of the test. We chose OpenBSD as the source for these attacks because it was the only IPv6 machine we had that was outside of our test network and we knew it did IPv6 very well.
Thanks for any advice.