On Fri, 2006-11-10 at 09:45 -0500, Sebastien Roy wrote: > On Fri, 2006-11-10 at 10:23 +0100, Mark Phalan wrote: > > I recently wanted to snoop some traffic over an ipv6-over-ipv4 tunnel > > but I never saw any traffic... > > > > Is this even possible? Is there some limitation when trying to snoop > > tunnels? > > As Jim mentioned, it is not currently possible to snoop a tunnel > interface itself. > > If you know the physical interface through which tunneled traffic > eventually ends up, you can of course capture packets on that interface. > This doesn't help, of course, if you've configured IPsec policy on your > tunnel interface to encrypt packets. It's also problematic on > multi-homed systems, where the physical interface through which tunneled > packets are flowing could change based on dynamic routing information. >
Ok, so if I snoop the physical interface I can see the IPv6 packets but I can't do any filtering... for e.g. snoop host <ipv6host> won't work. I guess I'll have to wait until clearview is integrated. > This is being addressed by the IP tunneling device driver component of > Clearview, which is described here: > > http://www.opensolaris.org/os/project/clearview/iptun/ > > This project will introduce IP tunnels as data-links that have DLPI > nodes in the file-system, and that can thus be observed using tools like > snoop and ethereal. > > We (the Clearview project) are periodically releasing early access bfu > archives that contain our work in development. When the IP tunneling > work is baked enough to arrive in these early access bits, we'll make > sure to notify you and the people on this list. > Cool, looking foward to seeing this in Nevada. Thanks, -Mark > Thanks, > -Seb > > _______________________________________________ networking-discuss mailing list [email protected]
