On 05/20/2011 08:45 AM, Richard Chan wrote:
> Using wireshark and trying to sniff the cleartext packet, I can only see
> incoming packets.

That's a peculiarity of the Linux kernel. Capture the (UDP encapsulated) ESP packets and use wireshark to decrypt them. See http://wiki.wireshark.org/ESP_Preferences

Run the following command to determine the encryption algorithms and the symmetric keys used by the kernel. Depending on your configuration, strongSwan periodically changes encryption keys. Keep this in mind if you're capturing traffic over an extended period of time.

    ip xfrm state

-Daniel
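
Added example (not part of the original message and not strongSwan code): a small Python parser that turns `ip xfrm state` output into per-SA records (addresses, SPI, algorithms, keys) ready to be entered in Wireshark's ESP preferences, plus an SPI lookup that shows why a dump taken before a rekey no longer matches later packets. The sample output is constructed with made-up keys, and the function names are hypothetical.

```python
# Constructed sample of `ip xfrm state` output; all keys are made-up values.
SAMPLE = """\
src 192.0.2.10 dst 198.51.100.20
    proto esp spi 0xc1a2b3c4 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213 96
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src 198.51.100.20 dst 192.0.2.10
    proto esp spi 0xc5d6e7f8 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    aead rfc4106(gcm(aes)) 0x00112233445566778899aabbccddeeff01020304 128
"""

def parse_xfrm_state(text):
    """Return one dict per ESP SA found in `ip xfrm state` output."""
    sas, cur = [], None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "src" and tok[2] == "dst":
            # An unindented "src A dst B" line starts a new SA.
            cur = {"src": tok[1], "dst": tok[3], "udp_encap": False}
            sas.append(cur)
        elif cur is None or not tok:
            continue
        elif tok[0] == "proto" and "spi" in tok:
            cur["proto"] = tok[1]
            cur["spi"] = int(tok[tok.index("spi") + 1], 16)
        elif tok[0] in ("enc", "auth", "auth-trunc", "aead") and len(tok) >= 3:
            kind = "auth" if tok[0].startswith("auth") else tok[0]
            cur[kind] = {"alg": tok[1], "key": tok[2]}
            if len(tok) > 3:  # truncation length (auth-trunc) or ICV length (aead)
                cur[kind]["bits"] = int(tok[3])
        elif tok[0] == "encap" and "espinudp" in tok:
            cur["udp_encap"] = True
    return [sa for sa in sas if sa.get("proto") == "esp"]

def sa_for_packet(sas, dst, spi):
    """Find the SA for a captured ESP packet; None means the keys were rotated."""
    for sa in sas:
        if sa["dst"] == dst and sa["spi"] == spi:
            return sa
    return None

if __name__ == "__main__":
    for sa in parse_xfrm_state(SAMPLE):
        algs = {k: v["alg"] for k, v in sa.items() if isinstance(v, dict)}
        print(f'{sa["src"]} -> {sa["dst"]} spi=0x{sa["spi"]:08x} {algs}')
```

An ESP packet in the capture whose SPI has no matching record was protected by an SA that had already been replaced when the dump was taken, so `ip xfrm state` has to be saved again after each rekey.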