[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stalled connections [LONG]



Petr Ruzicka pÃÅe v Ät 30. 09. 2004 v 16:09 +0200:
> Martin Lexa [[email protected]] wrote:
>  
> >   Side question, how can I filter on enc0?
> > 
> >     tcpdump -i enc0 icmp, for example, isn't working. Probably with
> > -E option... ?
> 
> tcpdump -i enc0 proto 1 ( works for me on xl0 interface so I hope
> it will work on enc0 as well).
  Well, it didn't work. What I need is to filter on enc0 or decrypt data
on wi0 interface... and then filter on them. For example, something
like:
    tcpdump -i enc0 host 10.109.131.193 and port ssh
  I tried -E option, but no luck.
    tcpdump -i wi0 -E aes128-hmac96:16bitkey 'ip[20:4] = spi'
    shows nothing.
  16bitkey was taken from ipsecadm show (key_encrypt: bits128:).
  spi was taken from ipsecadm show (sa: spi ...)
  And ipsecadm show that I have 'auth hmac-sha1 enc aes'.
  What I'm doing wrong? Probably this is too more OpenBSD specific...
sorry if this is kind of off-topic here.
> Petr R.
Martin.