Re: ip tunnel ... mode gre -- encrypted? or not?
On Tue, Oct 10, 2000 at 11:32:49PM +1100, Damon Muller wrote:
> Hi will,
> Quoth will trillich,
> > when a linux wonk says <with real IP's, of course>
> >
> >     DEV=mytunnel
> >     OUTSIDE_HERE=3126.96.36.199
> >     OUTSIDE_THERE=7188.8.131.52
> >     ip tunnel add $DEV \
> >         local $OUTSIDE_HERE \
> >         remote $OUTSIDE_THERE \
> >         mode gre
> >
> > is the tunnel encrypted? if so, how can i confirm
> > that? if not, is there a way to do so? (maybe some
> > argument needs to be supplied to insmod?)
> While I know very little about this VPN stuff (except port-forwarding
> using ssh, but I've posted everything I know about that here anyway), I
> would imagine that the easiest way to see if the traffic is encrypted or
> not is to sniff it and see if it's sending cleartext.
> Just use `sniffit -F mytunnel -i'. Telnet across your VPN, and select
> that socket in the sniffit interactive window. Type something (like
> uname -a) in the telnet session and see if you can see anything
> This isn't very scientific, and I'd personally have a hard time telling
> the difference between ROT-13'd and IDEA-encrypted traffic, but if you
> can't see any cleartext, then it's probably working.
i can't see nothin'.

    # sniffit -F dave -i
    Forcing device to dave (user requested)...
    Make sure you have read the docs carefully.
    unknown physical layer type 0x30a

    # ifconfig dave
    dave      Link encap:UNSPEC  HWaddr D0-21-5A-55-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:192.168.1.1  P-t-P:192.168.0.1  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
              RX packets:4300 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4308 errors:0 dropped:0 overruns:0 carrier:0

when i just

    # sniffit -i

all i see are my existing login/ssh sessions, altho i
can still ping 192.168.0.2 (which is past the remote end
of the tunnel, which is 192.168.0.1; my end is 192.168.1.1).
unfortunately, when running 'sniffit -i' the only options are
to check certain ports and certain ip numbers, not specific

things are more like they used to be than they are now.
email@example.com *** http://www.dontUthink.com/
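
The check discussed in this thread (capture the tunnel's traffic and look for cleartext), as an added example that is not part of the original messages: it parses an IPv4/GRE packet as it would appear on the physical interface, using the RFC 2784/2890 header layout, and lists readable strings in the encapsulated packet. The sample packet, the outer addresses 192.0.2.1 and 198.51.100.1, the key value 42 and all function names are constructed for illustration.

```python
import struct

GRE = 47  # IP protocol number of GRE

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 packet for the constructed sample (checksum left at 0)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def gre_inner(packet):
    """Return (protocol_type, inner_bytes) of an IPv4/GRE packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != GRE:
        return None
    off = (packet[0] & 0x0F) * 4          # outer IP header length
    if len(packet) < off + 4:
        return None
    flags, ptype = struct.unpack_from("!HH", packet, off)
    off += 4
    # Optional fields, 4 bytes each: checksum (C), key (K), sequence (S).
    # The key is a plain identifier carried in the clear, not a cipher key.
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            off += 4
    return ptype, packet[off:]

def printable_runs(data, minlen=6):
    """Printable-ASCII runs of at least minlen bytes, like strings(1)."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":              # sentinel flushes the last run
        if 32 <= b < 127:
            cur.append(b)
        else:
            if len(cur) >= minlen:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    return runs

# Constructed sample: a telnet segment carrying "uname -a", wrapped in GRE.
tcp = struct.pack("!HHIIBBHHH", 40000, 23, 1, 1, 0x50, 0x18, 1024, 0, 0) + b"uname -a\r\n"
inner = ipv4("192.168.1.1", "192.168.0.2", 6, tcp)
gre_hdr = struct.pack("!HHI", 0x2000, 0x0800, 42)   # K bit set, key 42
SAMPLE = ipv4("192.0.2.1", "198.51.100.1", GRE, gre_hdr + inner)

if __name__ == "__main__":
    ptype, payload = gre_inner(SAMPLE)
    print(hex(ptype), printable_runs(payload))
```

The typed command comes back intact from the encapsulated packet because the GRE header only wraps the inner packet; nothing in it transforms the payload.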