On Fri, 2006-11-10 at 10:23 +0100, Mark Phalan wrote: > I recently wanted to snoop some traffic over an ipv6-over-ipv4 tunnel > but I never saw any traffic... > > Is this even possible? Is there some limitation when trying to snoop > tunnels?
As Jim mentioned, it is not currently possible to snoop a tunnel interface itself. If you know the physical interface through which tunneled traffic eventually ends up, you can of course capture packets on that interface. This doesn't help, of course, if you've configured IPsec policy on your tunnel interface to encrypt packets. It's also problematic on multi-homed systems, where the physical interface through which tunneled packets are flowing could change based on dynamic routing information. This is being addressed by the IP tunneling device driver component of Clearview, which is described here: http://www.opensolaris.org/os/project/clearview/iptun/ This project will introduce IP tunnels as data-links that have DLPI nodes in the file-system, and that can thus be observed using tools like snoop and ethereal. We (the Clearview project) are periodically releasing early access bfu archives that contain our work in development. When the IP tunneling work is baked enough to arrive in these early access bits, we'll make sure to notify you and the people on this list. Thanks, -Seb _______________________________________________ networking-discuss mailing list [email protected]
