Speaking about SnifferPro, did anyone have success sniffing
IPSec/ESP encrypted packets under Windows 2000? I have tried
SnifferPro, Ethereal, windump, and they all do wrong decoding
of ESP packets. If I connect a Unix box, tcpdump works, so it
isn't a problem with the lab network, only Windows cannot show
ESP packets. For example, windump shows:
0.0.0.0 > 0.0.69.3: ip-proto-0 0 [ttl 0]
0000 0000 0e00 0000 0000 0000 0000 0000
0000 4503 0098 05bb 0000 ff32 1523 2828
2801 2828 2802 b0a8 8643 0000 0023 0004
9acf 43c0 0800 c016 4d41 2b50 1d81 5717
8712 46fb bc05 d605 c538 3f34 a7f0 4ac5
fc72
There are exactly 18 bytes inserted in front of every ESP packet!
The IP packet starts from "4503".
Sasa
Priscilla Oppenheimer wrote:
>
> Try WildPackets EtherPeek. It's great.
>
> Priscilla
>
> At 02:01 AM 10/5/01, George Murphy CCNP, CCDP wrote:
> >I tried to demo it which requires registration and no one has ever called me
> >back. Maybe
> >they don't need my business.... ;-)
> >
> >"Steiven Poh-(Jaring MailBox)" wrote:
> >
> > > Hello Folks,
> > >
> > > Did anybody know where I can download Sniffer Pro for Win2K...demo version
> > > or either... :)
> > >
> > > Rgds,
> > > Steiven
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=22248&t=22175
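
Added example, not part of the original post: a small Python script that takes the hex dump quoted above, scans for the first offset holding an IPv4 header whose checksum validates, and decodes that header plus the ESP SPI and sequence number behind it. The function names are made up for this illustration; the bytes are copied from the windump output in the message.

```python
import ipaddress
import struct

# Hex dump copied from the windump output quoted in the post above.
DUMP = """
0000 0000 0e00 0000 0000 0000 0000 0000
0000 4503 0098 05bb 0000 ff32 1523 2828
2801 2828 2802 b0a8 8643 0000 0023 0004
9acf 43c0 0800 c016 4d41 2b50 1d81 5717
8712 46fb bc05 d605 c538 3f34 a7f0 4ac5
fc72
"""

def checksum_ok(header: bytes) -> bool:
    """True if the 16-bit one's-complement sum over the header is 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def find_ipv4(data: bytes) -> int:
    """Return the first offset holding a checksum-valid IPv4 header, or -1."""
    for off in range(len(data) - 19):
        ihl = (data[off] & 0x0F) * 4
        if data[off] >> 4 != 4 or ihl < 20 or off + ihl > len(data):
            continue
        if checksum_ok(data[off:off + ihl]):
            return off
    return -1

def decode(data: bytes) -> dict:
    """Decode the IPv4 header found by find_ipv4 and, for ESP, SPI and sequence."""
    off = find_ipv4(data)
    if off < 0:
        raise ValueError("no valid IPv4 header found")
    ihl = (data[off] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", data, off + 2)
    info = {"offset": off, "total_len": total_len,
            "ttl": data[off + 8], "proto": data[off + 9],
            "src": str(ipaddress.IPv4Address(data[off + 12:off + 16])),
            "dst": str(ipaddress.IPv4Address(data[off + 16:off + 20]))}
    if info["proto"] == 50 and off + ihl + 8 <= len(data):  # IP protocol 50 = ESP
        info["spi"], info["seq"] = struct.unpack_from("!II", data, off + ihl)
    return info

packet = bytes.fromhex("".join(DUMP.split()))
if __name__ == "__main__":
    print(decode(packet))
```

The header is found at offset 18, matching the 18 inserted bytes described in the message. Reading the same fields from offset 0 instead gives the 0.0.0.0 > 0.0.69.3, protocol 0, TTL 0 line that windump printed.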