
RE: Looking for an IPsec packet analyzer




If anyone wants to trace/decode just the headers (without having a clue of the
contents - which would mostly be encrypted), then you can use any one of the
IPSEC routers out there that has ISAKMP/ESP/AH protocol analysis:

Target device-----------IPSEC router-----------IPSEC source

The ISAKMP/ESP/AH packets passing through 'IPSEC router' could then be
analysed by its protocol trace engine.

We have a GUI tool that provides ISAKMP/ESP/AH decode in full colour, but
it's not a LAN sniffer as such. If anyone is interested, I can send an
example ISAKMP analysis.

Steve.

-----Original Message-----
From: Shoichi Sakane [mailto:sakane@ydc.co.jp]
Sent: Friday, February 26, 1999 11:41 AM
To: suresh@livingston.com
Cc: ipsec@tis.com
Subject: Re: Looking for an IPsec packet analyzer


> Can someone point me to one or more vendors that provide IPsec and 
> IKE traffic decoding in their traffic analyser software? 
> Specifically, I am looking for the following: 

> 	1. IPSec AH and ESP header decoding
> 	2. IKE header and payload decoding (while in the clear)

There is tcpdump in KAME, which is an IPv6/IPsec stack for BSD*.
KAME's tcpdump can decode some packets of both IKE, in part of
phase 1, and IPsec.
Please refer to http://www.kame.net/

/Shoichi `NE' Sakane/
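
As an added illustration (not part of the original messages and not code from KAME or any vendor tool mentioned), the Python below decodes only the header fields that stay readable in the traffic this thread discusses: ESP, AH, and the ISAKMP header. Field layouts follow RFC 2406, RFC 2402 and RFC 2408; the function names and the sample bytes are constructed for this example.

```python
import struct

# ISAKMP exchange types (RFC 2408 section 3.1; 32 is IKE Quick Mode, RFC 2409)
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational", 32: "Quick Mode"}

def _need(data, n, what):
    if len(data) < n:
        raise ValueError(f"truncated {what}: have {len(data)} bytes, need {n}")

def decode_esp(data):
    """ESP (IP protocol 50): only the SPI and sequence number are readable."""
    _need(data, 8, "ESP header")
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "seq": seq, "opaque_len": len(data) - 8}

def decode_ah(data):
    """AH (IP protocol 51): 12 fixed bytes followed by the authentication data."""
    _need(data, 12, "AH header")
    next_hdr, plen, _rsvd, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (plen + 2) * 4  # Payload Len is in 32-bit words, minus 2
    if total < 12:
        raise ValueError(f"invalid AH payload length {plen}")
    _need(data, total, "AH authentication data")
    return {"next_header": next_hdr, "spi": spi, "seq": seq,
            "icv": data[12:total].hex()}

def decode_isakmp(data):
    """ISAKMP/IKE (UDP port 500): the 28-byte header is never encrypted."""
    _need(data, 28, "ISAKMP header")
    (icookie, rcookie, next_payload, version, xchg, flags,
     msg_id, length) = struct.unpack("!8s8sBBBBII", data[:28])
    return {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
            "next_payload": next_payload,
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange": EXCHANGES.get(xchg, f"type {xchg}"),
            "encrypted": bool(flags & 0x01),  # E bit: payloads are encrypted
            "message_id": msg_id, "length": length}

# Constructed sample packets (not captured traffic)
ESP_SAMPLE = bytes.fromhex("000010010000002a") + b"\xaa" * 16
AH_SAMPLE = bytes.fromhex("060400000000200200000007") + b"\xbb" * 12
ISAKMP_SAMPLE = bytes.fromhex("112233445566778899aabbccddeeff00"
                              "08102001deadbeef0000002c") + b"\xcc" * 16

if __name__ == "__main__":
    print(decode_esp(ESP_SAMPLE))
    print(decode_ah(AH_SAMPLE))
    print(decode_isakmp(ISAKMP_SAMPLE))
```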