On Tue, Oct 10, 2000 at 11:32:49PM +1100, Damon Muller wrote:
> Hi will,
>
> Quoth will trillich,
> > when a linux wonk says <with real IP's, of course>
> >     DEV=mytunnel
> >     OUTSIDE_HERE=321.1.2.3
> >     OUTSIDE_THERE=789.9.8.7
> >     ip tunnel add $DEV \
> >         local $OUTSIDE_HERE \
> >         remote $OUTSIDE_THERE \
> >         mode gre
> > is the tunnel encrypted? if so, how can i confirm
> > that? if not, is there a way to do so? (maybe some
> > argument needs to be supplied to insmod?)
>
> While I know very little about this VPN stuff (except port-forwarding
> using ssh, but I've posted everything I know about that here anyway), I
> would imagine that the easiest way to see if the traffic is encrypted or
> not is to sniff it and see if it's sending cleartext.
>
> Just use `sniffit -F mytunnel -i'. Telnet across your VPN, and select
> that socket in the sniffit interactive window. Type something (like
> uname -a) in the telnet session and see if you can see anything
> recognisable.
>
> This isn't very scientific, and I'd personally have a hard time telling
> the difference between ROT-13'd and IDEA-encrypted traffic, but if you
> can't see any cleartext, then it's probably working.

i can't see nothin'.

    # sniffit -F dave -i
    Forcing device to dave (user requested)...
    Make sure you have read the docs carefully.
    unknown physical layer type 0x30a

    # ifconfig dave
    dave  Link encap:UNSPEC  HWaddr D0-21-5A-55-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.1  P-t-P:192.168.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:4300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4308 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

when i just

    # sniffit -i

all i see are my existing login/ssh sessions, altho i can still
ping 192.168.0.2 (which is past the remote end of the tunnel,
which is 192.168.0.1; my end is 192.168.1.1).

unfortunately, when running 'sniffit -i' the only options are
to check certain ports and certain ip numbers, not specific
devices. aaugh!

-- 
things are more like they used to be than they are now.

[EMAIL PROTECTED] *** http://www.dontUthink.com/
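
An added example, not part of the original thread: plain GRE, as set up by `ip tunnel add ... mode gre`, only encapsulates and adds no encryption, so a packet captured on the physical interface (IP protocol 47) can be unwrapped and its payload inspected. The sketch decapsulates a constructed sample packet and measures how much of the inner telnet payload is printable; the outer addresses, port numbers and helper names are assumptions made for illustration.

```python
import socket
import struct

GRE_PROTO = 47  # IP protocol number assigned to GRE

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; constructed sample only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def gre_decap(packet):
    """Return (inner_ethertype, inner_bytes) from an IPv4 packet carrying GRE."""
    if packet[0] >> 4 != 4 or packet[9] != GRE_PROTO:
        raise ValueError("not an IPv4 GRE packet")
    gre = packet[(packet[0] & 0x0F) * 4:]
    flags, ethertype = struct.unpack("!HH", gre[:4])
    if flags & 0x4000:
        raise ValueError("GRE source routing not handled")
    off = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            off += 4
    return ethertype, gre[off:]

def tcp_payload(ip_packet):
    """Application bytes carried by an inner IPv4/TCP packet."""
    if ip_packet[9] != 6:
        raise ValueError("inner packet is not TCP")
    tcp = ip_packet[(ip_packet[0] & 0x0F) * 4:]
    return tcp[(tcp[12] >> 4) * 4:]

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)

# Constructed sample: one telnet line inside GRE; outer addresses are placeholders.
typed = b"uname -a\r\n"
tcp = struct.pack("!HHIIBBHHH", 40000, 23, 1, 1, 5 << 4, 0x18, 1024, 0, 0) + typed
inner = ipv4("192.168.1.1", "192.168.0.2", 6, tcp)
SAMPLE = ipv4("192.0.2.1", "198.51.100.1", GRE_PROTO,
              struct.pack("!HH", 0, 0x0800) + inner)

if __name__ == "__main__":
    etype, inner_pkt = gre_decap(SAMPLE)
    data = tcp_payload(inner_pkt)
    print(hex(etype), data, printable_ratio(data))
```

A ratio near 1.0 on interactive traffic means the bytes cross the outside network readable; encrypted payloads look close to random and score far lower.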