thr3ads.net - freebsd stable - tcpdump will not compile with ability to decrypt ESP encapsulated packets. [Dec 2003]

If this information is useful, please help other people find it:
Share via:

Dr Otacon

2003-Dec-02 09:36 UTC

tcpdump will not compile with ability to decrypt ESP encapsulated packets.

I'm trying to tcpdump ESP encapsulated packets with tcpdump using:

    tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost

...but `tcpshow < tcpdump.log' has this message repeated at the end of
every
packet:

    <*** No decode support for encapsulated protocol ***>

I have both /usr/lib/libcrypto.so (base) and /usr/local/lib/libcrypto.so 
(port) installed, which I think may be causing some kind of a conflict. IPSec 
is working fine between the two computers. Here's the output of the nm 
command on the crypto libraries...

# nm /usr/local/lib/libcrypto.* | grep BF_cbc_encrypt
00000840 T BF_cbc_encrypt
         U BF_cbc_encrypt
00049830 T BF_cbc_encrypt
00049830 T BF_cbc_encrypt
[root@octo]-[/var/log]# nm /usr/lib/libcrypto.* | grep BF_cbc_encrypt
         U BF_cbc_encrypt
00000868 T BF_cbc_encrypt


And another command....

# ldd `which tcpdump`
/usr/sbin/tcpdump:
        libpcap.so.2 => /usr/lib/libpcap.so.2 (0x280a9000)
        libc.so.4 => /usr/lib/libc.so.4 (0x280c5000)


Any help is appreciated. TIA

Doug White

2003-Dec-03 15:36 UTC

head link

tcpdump will not compile with ability to decrypt ESPencapsulated packets.

On Tue, 2 Dec 2003, Dr Otacon wrote:
> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:
Think about this for a second.... would you WANT to be able to decrypt
packets on the wire?

Wouldn't that mean ANYONE could decrypt them? ;-)

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org

Crist J. Clark

2003-Dec-04 21:29 UTC

head link

tcpdump will not compile with ability to decrypt ESP encapsulated packets.

On Tue, Dec 02, 2003 at 10:28:52AM -0700, Dr Otacon
wrote:> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:
> 
>     tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost
Tcpdump(8) does not decrypt as it saves data in the pcap dump file. It
only decrypts on the fly as it prints packet contents.
> ...but `tcpshow < tcpdump.log' has this message repeated at the end
of every
> packet:
> 
>     <*** No decode support for encapsulated protocol ***>
Tcpshow(1) would have to decrypt the ESP data itself for this to
work.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

freebsd stable - Dec 2003 - tcpdump will not compile with ability to decrypt ESP encapsulated packets.

tcpdump will not compile with ability to decrypt ESP encapsulated packets.

tcpdump will not compile with ability to decrypt ESPencapsulated packets.

tcpdump will not compile with ability to decrypt ESP encapsulated packets.