tcpdump will not compile with ability to decrypt ESP
encapsulated packets.
Crist J. Clark
cristjc at comcast.net
Thu Dec 4 21:28:14 PST 2003
On Tue, Dec 02, 2003 at 10:28:52AM -0700, Dr Otacon wrote:
> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:
>
> tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost
Tcpdump(8) does not decrypt as it saves data in the pcap dump file. It
only decrypts on the fly as it prints packet contents.
> ...but `tcpshow < tcpdump.log' has this message repeated at the end of every
> packet:
>
> <*** No decode support for encapsulated protocol ***>
Tcpshow(1) would have to decrypt the ESP data itself for this to
work.
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org
More information about the freebsd-ipfw
mailing list