Date:      Fri, 31 Mar 2006 15:18:32 -0500
From:      "Eric W. Bates" <ericx_lists@vineyard.net>
To:        freebsd-net@freebsd.org
Subject:   tcpdump and ipsec
Message-ID:  <442D8E98.6050903@vineyard.net>

This seems like a dumb question; but I wonder if one can use tcpdump to
view the decrypted out flow from an esp tunnel?

I have an established tunnel on machine 'firewall'.

The tunnel is a route between net 10.128.10.0/24 and 192.168.10.0/24.

'firewall' has 192.168.10.1 as the ip on its internal interface.

When I ping 10.128.10.1 using 192.168.10.1 as the source address, I can
use tcpdump to view the esp packets via the external interface.

Is there a way to use tcpdump to view the packets as they traverse from
the tunnel to 192.168.10.1?  I had no luck attaching tcpdump to the
internal interface.

By the same token, can I hook any of the traffic with ipfw?

I suspect that if any of this traffic were leaving the machine, I would
see it; but maybe not if 'firewall' itself is the destination?

Thanks for your time.



