From: Mark Wagner <mark@la...> - 2004-01-09 10:58:16
On 5 January 2004 at 17:10, Michal Ludvig <michal-list@...> wrote:
> On Fri, 2 Jan 2004, Mark Wagner wrote:
> > I can ping between 10.242.242.1 and 10.242.242.3. Using ethereal I see
> > the ping is encrypted but there is this other odd traffic generated:
> > 0.000000 10.242.242.3 -> 10.242.242.1 ESP ESP (SPI=0x000086c4)
> > 0.000000 10.242.242.1 -> 126.96.36.199 IP Fragmented IP protocol (proto=Un
> known 0xf2, off=12288)
> > [...]
> > Why is 10.242.242.1 trying to talk to 188.8.131.52 too? The IP address varies.
> It isn't a destination address as such. It's probably a partially
> decrypted ESP packet that appears on the same interface as the original
> ESP packet. Can you run tcpdump (or ethereal) on a third, independent host
> connected to the same HUB to see if these packets really appear on the
> wire? I bet you'll see only ESP going there and back. Another question is
> why ethereal shows them. Could you test recent tcpdump with a recent
> libpcap instead instead of ethereal, please?
Good call! I had to go through some machinations to get a hub inserted
into the mix but doing so revealed exactly what you predicted.
Once I ruled that out as a problem, it still didn't work. Then
I realized that my routing was fubar'ed. It works fine now. Thanks
Mark Wagner mark@...
Get latest updates about Open Source Projects, Conferences and News.