Wireshark-users: [Wireshark-users] ESP and unencrypted packets

From: "no way" <my_no2_mail@xxxxxxxxxxx>
Date: Sun, 27 Aug 2006 03:10:49 +0000
I captured some traffic from a VPN tunnel, on the tunnelling end.
Apart from the ESP packets, some unencrypted packets also appear.

For example:

"1", "00:11:08.539409", "", "", "ESP", "ESP (SPI=0x595c35ec)" "2", "00:11:08.539632", "", "", "ESP", "ESP (SPI=0x6d7ecf2c)" "3", "00:11:08.539632", "", "", "TCP", "80 > 34480 [SYN, ACK] Seq=0 Ack=0 Win=5792 Len=0 MSS=1460 TSV=6521974 TSER=6522154 WS=2" "4", "00:11:08.540078", "", "", "ESP", "ESP (SPI=0x595c35ec)"

I use 4 machines: two clients and two servers. The servers perform the tunnel. Each server comunicates with one client using a second ethernet card. Thus no unencrypted packets should apear on the ethernet used for the tunneling.

What should I do?


Ioannis Kalogridis

Be the first to hear what's new at MSN - sign up to our free newsletters! http://www.msn.co.uk/newsletters