[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ip tunnel ... mode gre -- encrypted? or not?

On Tue, Oct 10, 2000 at 11:32:49PM +1100, Damon Muller wrote:
> Hi will,
> Quoth will trillich, 
> > when a linux wonk says <with real IP's, of course>
> > 	DEV=mytunnel
> > 	OUTSIDE_HERE=321.1.2.3
> > 	OUTSIDE_THERE=789.9.8.7
> > 	ip tunnel add $DEV \
> > 		local $OUTSIDE_HERE \
> > 		remote $OUTSIDE_THERE \
> > 		mode gre
> > is the tunnel encrypted? if so, how can i confirm
> > that? if not, is there a way to do so? (maybe some
> > argument needs to be supplied to insmod?)
> While I know very little about this VPN stuff (except port-forwarding
> using ssh, but I've posted everything I know about that here anyway), I
> would imagine that the easiest way to see if the traffic is encrypted or
> not is to sniff it and see if it's sending cleartext.
> Just use `sniffit -F mytunnel -i'. Telnet across your VPN, and select
> that socket in the sniffit interactive window. Type something (like
> uname -a) in the telnet session and see if you can see anything
> recognisable.
> This isn't very scientific, and I'd personally have a hard time telling
> the difference between ROT-13'd and IDEA-encrypted traffic, but if you
> can't see any cleartext, then it's probably working.

i can't see nothin'.

# sniffit -F dave -i
Forcing device to dave (user requested)...
Make sure you have read the docs carefully.
unknown physical layer type 0x30a
# ifconfig dave
dave      Link encap:UNSPEC  HWaddr D0-21-5A-55-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:  P-t-P:  Mask:
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:4300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4308 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

when i just
# sniffit -i
all i see are my existing login/ssh sessions, altho i
can still ping (which is past the remote end
of the tunnel, which is; my end is

unfortunately, when running 'sniffit -i' the only options are
to check certain ports and certain ip numbers, not specific



things are more like they used to be than they are now.

will@serensoft.com *** http://www.dontUthink.com/

Reply to: