From: Aidas K. <mo...@us...> - 2004-09-14 05:50:29
|
Update of /cvsroot/ipsec-tools/htdocs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14474 Modified Files: checklist.html Log Message: Added explanation for tcpdump showing non encapsulated incomming packets. Index: checklist.html =================================================================== RCS file: /cvsroot/ipsec-tools/htdocs/checklist.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- checklist.html 26 Aug 2004 17:28:50 -0000 1.5 +++ checklist.html 14 Sep 2004 05:50:20 -0000 1.6 @@ -108,6 +108,12 @@ <dt><tt>racoon</tt> is negotiating <em>Phase 2</em></dt> <dd class="TODO">TODO</dd> + <a name="plain_text_traffic"></a> + <dt title="#plain_text_traffic"><tt>tcpdump</tt> shows plain text traffic!</dt> + <dd>If you <tt>tcpdump</tt> on gateway, and you see both incoming ipsec packets and incoming plain text packets - <em>it is normal behavior</em>.</dd> + <dd>In linux incoming ipsec packets enters interface, ipsec headers are checked and removed and plain text packet enters kernel code one more time as if it just come from network hardware. This is why <tt>tcpdump</tt> shows it twice.</dd> + <dd>To be sure, sniff traffic from third box in between of security gateways and you will see just encapsulated traffic!</dd> + </dl> </body> </html> |