tcpdump will not compile with ability to decrypt ESP encapsulated packets.

Crist J. Clark cristjc at
Thu Dec 4 21:28:14 PST 2003

On Tue, Dec 02, 2003 at 10:28:52AM -0700, Dr Otacon wrote:
> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:
>     tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost

Tcpdump(8) does not decrypt as it saves data in the pcap dump file. It
only decrypts on the fly as it prints packet contents.

> ...but `tcpshow < tcpdump.log' has this message repeated at the end of every 
> packet:
>     <*** No decode support for encapsulated protocol ***>

Tcpshow(1) would have to decrypt the ESP data itself for this to
Crist J. Clark                     |     cjclark at
                                   |     cjclark at    |     cjc at

More information about the freebsd-stable mailing list