Wireshark · Ethereal-dev: [Ethereal-dev] IPSec diagnostics/audit tool

Ethereal-dev: [Ethereal-dev] IPSec diagnostics/audit tool

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Dirk Rösler <dirk@xxxxxxxxxxxxxxx>

Date: Fri, 16 Feb 2001 15:29:28 +0000

Hello there,

does anyone know of or has suggestions for developing an IPSec (ESP only? -
not sure) diagnostics or audit tool?

I was thinking of being able to verify that the traffic you assume is
protected is indeed protected when looked at from the outside. This could be
very valuable for testing and auditing policy.

For example you could statistically analyse payloads (for encrypted packets
those should be flat, whereas non-encrypted packets should be recognisable)
by using a sniffer such as ethereal or snort - and whatever else can be
deduced from looking at the traffic itself.

I'd be happy to hear your suggestions on what else could be looked at.


Regards

Dirk

Prev by Date: [Ethereal-dev] The ability to read from multiple interfaces at once.
Next by Date: Re: [Ethereal-dev] tcp.port == .... causes the Filtering to hang forever
Previous by thread: Re: [Ethereal-dev] The ability to read from multiple interfaces at once.
Next by thread: [Ethereal-dev] Re: [Ethereal-users] Can I get the field ID?
Index(es):
- Date
- Thread