Date: Thu, 4 Dec 2003 21:28:09 -0800 From: "Crist J. Clark" <cristjc@comcast.net> To: Dr Otacon <otacon@octo.sytes.net> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: tcpdump will not compile with ability to decrypt ESP encapsulated packets. Message-ID: <20031205052809.GA91506@blossom.cjclark.org> In-Reply-To: <200312021028.52517.otacon@octo.sytes.net> References: <200312021028.52517.otacon@octo.sytes.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 02, 2003 at 10:28:52AM -0700, Dr Otacon wrote:
> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:
>
> tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost
Tcpdump(8) does not decrypt as it saves data in the pcap dump file. It
only decrypts on the fly as it prints packet contents.
> ...but `tcpshow < tcpdump.log' has this message repeated at the end of every
> packet:
>
> <*** No decode support for encapsulated protocol ***>
Tcpshow(1) would have to decrypt the ESP data itself for this to
work.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031205052809.GA91506>