[strongSwan] tcpdump of ping over ipsec transport
Tobias Brunner
tobias at strongswan.org
Mon Mar 23 14:35:48 CET 2020
Hi,
> When I ping machine A from machine B, and I do 'tcpdump -i <dev> esp'
> I don't see ESP packets going bidirectional but rather only the replies
> from B to A. Is this the expected behavior of tcpdump in that case?
No. While you'll only see inbound plaintext packets (see [1]), you
should see both ESP packets (unless one is sent/received over a
different interface or only one direction uses UDP-encapsulation, which
is unlikely).
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Capturing-outbound-plaintext-packets-with-tcpdumpwireshark