Dr Otacon
2003-Dec-02 09:36 UTC
tcpdump will not compile with ability to decrypt ESP encapsulated packets.
I'm trying to tcpdump ESP encapsulated packets with tcpdump using:

    tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost

...but `tcpshow < tcpdump.log' has this message repeated at the end of every packet:

    <*** No decode support for encapsulated protocol ***>

I have both /usr/lib/libcrypto.so (base) and /usr/local/lib/libcrypto.so (port) installed, which I think may be causing some kind of a conflict. IPSec is working fine between the two computers.

Here's the output of the nm command on the crypto libraries...

    # nm /usr/local/lib/libcrypto.* | grep BF_cbc_encrypt
    00000840 T BF_cbc_encrypt
             U BF_cbc_encrypt
    00049830 T BF_cbc_encrypt
    00049830 T BF_cbc_encrypt
    [root@octo]-[/var/log]# nm /usr/lib/libcrypto.* | grep BF_cbc_encrypt
             U BF_cbc_encrypt
    00000868 T BF_cbc_encrypt

And another command....

    # ldd `which tcpdump`
    /usr/sbin/tcpdump:
            libpcap.so.2 => /usr/lib/libpcap.so.2 (0x280a9000)
            libc.so.4 => /usr/lib/libc.so.4 (0x280c5000)

Any help is appreciated. TIA
Doug White
2003-Dec-03 15:36 UTC
tcpdump will not compile with ability to decrypt ESP encapsulated packets.
On Tue, 2 Dec 2003, Dr Otacon wrote:

> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:

Think about this for a second.... would you WANT to be able to decrypt packets on the wire? Wouldn't that mean ANYONE could decrypt them? ;-)

--
Doug White | FreeBSD: The Power to Serve
dwhite@gumbysoft.com | www.FreeBSD.org
Crist J. Clark
2003-Dec-04 21:29 UTC
tcpdump will not compile with ability to decrypt ESP encapsulated packets.
On Tue, Dec 02, 2003 at 10:28:52AM -0700, Dr Otacon wrote:

> I'm trying to tcpdump ESP encapsulated packets with tcpdump using:
>
> tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost

Tcpdump(8) does not decrypt as it saves data in the pcap dump file. It only decrypts on the fly as it prints packet contents.

> ...but `tcpshow < tcpdump.log' has this message repeated at the end of every
> packet:
>
> <*** No decode support for encapsulated protocol ***>

Tcpshow(1) would have to decrypt the ESP data itself for this to work.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
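
The point made in the last reply, as an added example that is not part of the original thread: a savefile written with -w holds the ESP packets exactly as captured, so a reader that has no key sees only the cleartext SPI and sequence number followed by opaque bytes. The function names, the sample frame, its documentation addresses and its SPI are constructed for illustration, and the parser assumes a classic pcap file with an Ethernet link type.

```python
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/ESP frame in a classic pcap file."""
    esp = struct.pack("!II", 0x1000, 1) + bytes(range(24))  # SPI, seq, stand-in IV+ciphertext
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, 50, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # protocol 50 = ESP
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    frame = eth + ip + esp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    rhdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

def esp_records(pcap):
    """Yield (src, dst, spi, seq, opaque_bytes) for each IPv4 ESP packet in the file."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ip[9] != 50 or len(ip) < ihl + 8:
            continue  # not ESP, or truncated before the ESP header
        spi, seq = struct.unpack_from("!II", ip, ihl)
        total = struct.unpack_from("!H", ip, 2)[0]
        # Everything after SPI and sequence number is IV plus ciphertext:
        # nothing more can be decoded here without the SA's key.
        yield (".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
               spi, seq, ip[ihl + 8:total])

if __name__ == "__main__":
    for src, dst, spi, seq, blob in esp_records(build_sample_pcap()):
        print(f"{src} > {dst}: ESP(spi=0x{spi:08x},seq=0x{seq:x}), {len(blob)} opaque bytes")
```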