> OK, I received your post *after* my last post, in which I sniffed eth0
> for all packets related to protocols 50 & 51.
>
> Subsequently, I realized that my attempt only demonstrated contents of
> packets for those protocols ;>
>
> So, I did same ping; but, now I sniffed the external (eth0 & wan1
Charles Steinkuehler wrote:
>
> > > Recent versions of tcpdump are smart enough to be able to dump
> > > the encrypted traffic going over the physical interface without being
> > > confused. You basically want to dump the raw traffic going over your
> > > external 'net, and verify protocol 50 p
Charles Steinkuehler wrote:
>
> > Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
> > seperated by the big, bad internet ;>
> >
> > I remain confused, however, *how* to test the encryption. Yes, I
> > understand how, if both boxes were local and I could place a 3rd in
>
> > Recent versions of tcpdump are smart enough to be able to dump
> > the encrypted traffic going over the physical interface without being
> > confused. You basically want to dump the raw traffic going over your
> > external 'net, and verify protocol 50 packets are being sent/recieved,
and
> >
Charles Steinkuehler wrote:
>
> > Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
> > seperated by the big, bad internet ;>
> >
> > I remain confused, however, *how* to test the encryption. Yes, I
> > understand how, if both boxes were local and I could place a 3rd in
>
> Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
> seperated by the big, bad internet ;>
>
> I remain confused, however, *how* to test the encryption. Yes, I
> understand how, if both boxes were local and I could place a 3rd in
> between; but, I cannot do that here.
>
> W
