You could get IP/Trace from TDSLink (www.tdslink.com). It's free, and installs in about 20 minutes. It's not a sniffer.
It will show you all the IP packets in a series of 'dump' type formats using your favourite web browser. Use it 'before and after' you flick your encryption switch, and it's dead obvious. Brian -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Behalf Of Terry Linsley Sent: 09 June 2005 18:24 To: IBM-MAIN@BAMA.UA.EDU Subject: Strange Auditor Questions The organization we service is suffering through an audit at the moment. One of the things the auditors looked at was the secure file transfer proces I had setup for that organization (OpenSSH based). They explained it sufficiently, but the auditor had one last requirement. She wanted proof that the data was actually being encrypted. ???? It is my understanding that OpenSSH encrypts the file in transit and does not leave an encrypted copy of the data file lying around anywhere. So, I cannot show them a copy of the encrypted file. I ran a transfer using the most verbose debug level and it does not say anything like "now encrypting file". So, to satisfy the auditor (and my own curiosity), does anyone know how to prove that OpenSSH is really encrypting the file? Of course one could hang a sniffer on the network and sniff the datastream, but I did not want to go that far. Thanks. This e-mail message is for the sole use of the intended recipient(s)and may contain confidential and privileged information of Transaction NetworkServices. Any unauthorized review, use, disclosure or distribution isprohibited. If you are not the intended recipient, please contact thesender by reply e-mail and destroy all copies of the original message. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html