Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] ipsec traffic
  • From: Christoph Egger <egger@xxxxxxxxxxxxxx>
  • Date: Thu, 12 Sep 2002 11:04:55 +0200
  • Message-id: <20020912090606.38E4F144B2@xxxxxxxxxxxxxx>
On Thursday, 12. September 2002 09:08, tobias.reckhard@xxxxxxxxxxx wrote:
> > Nonetheless, tcpdump registered lots of traffic during the
> > whole night.
>
> So what does it say and how does that compare to e.g. the Pluto logs? Have
> you tried using tcpdump on the FreeS/WAN machine itself?

Pluto says this:

Sep 12 11:01:52 uhura kernel: klips_debug:gettdb: linked entry in tdb table
for hash=175 of SA:esp0x41b4818@<gateA> requested.
Sep 12 11:01:52 uhura kernel: klips_debug:gettdb: linked entry in tdb table
for hash=230 of SA:tun0x1002@<gateB> requested.

tcpdump says this:

11:03:52.085197 62.180.107.34 > <gateA>: ESP(spi=0x041b4818,seq=0x7dc)
11:03:52.086084 62.180.107.146 > <gateB>: ESP(spi=0x7511fb3c,seq=0x936)

Note, <gateA> is the IP-address of the one ipsec-gateway, <gateB> the one
from the other ipsec-gateway.



--
CU,
Christoph

< Previous Next >
References