Ethereal-dev: [Ethereal-dev] IPSec diagnostics/audit tool

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Dirk Rösler <dirk@xxxxxxxxxxxxxxx>
Date: Fri, 16 Feb 2001 15:29:28 +0000

Hello there,

Does anyone know of, or have suggestions for developing, an IPSec (ESP only? -
not sure) diagnostics or audit tool?

I was thinking of being able to verify that the traffic you assume is
protected is indeed protected when looked at from the outside. This could be
very valuable for testing and auditing policy.

For example you could statistically analyse payloads (for encrypted packets
those should be flat, whereas non-encrypted packets should be recognisable)
by using a sniffer such as ethereal or snort - and whatever else can be
deduced from looking at the traffic itself.

I'd be happy to hear your suggestions on what else could be looked at.


Regards

Dirk
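
Added example, not part of the original post and not Ethereal or snort code: a sketch of the payload statistic the message proposes, measuring how flat the byte histogram is behind the ESP header of each sniffed packet. The 7.5 bits/byte threshold, the 256-byte minimum sample size, the category names and the sample packets are assumptions constructed for illustration.

```python
import math
import random
import struct
from collections import Counter

ESP_PROTO = 50          # IP protocol number for ESP
ESP_HEADER_LEN = 8      # SPI (4 bytes) + sequence number (4 bytes)
MIN_SAMPLE = 256        # assumed minimum; entropy of short samples is unreliable
FLAT_THRESHOLD = 7.5    # assumed cut-off in bits per byte (maximum is 8.0)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for a flat byte histogram, lower for text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet as seen by a sniffer outside the tunnel."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ESP_PROTO:
        return "not-esp"            # not wrapped in ESP at all
    body = packet[ihl + ESP_HEADER_LEN:]
    if len(body) < MIN_SAMPLE:
        return "too-short"
    return "flat" if shannon_entropy(body) >= FLAT_THRESHOLD else "structured"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero, test data only)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

# Constructed samples: SPI 0x1000, sequence 1; ESP trailer and ICV are omitted.
esp_header = struct.pack("!II", 0x1000, 1)
rng = random.Random(2001)
ciphertext = bytes(rng.getrandbits(8) for _ in range(1024))  # stands in for encrypted data
cleartext = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n" * 20

SAMPLES = {
    "esp-encrypted": ipv4(ESP_PROTO, esp_header + ciphertext),
    "esp-null": ipv4(ESP_PROTO, esp_header + cleartext),   # ESP framing, readable payload
    "plain-tcp": ipv4(6, cleartext),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14s} {classify(pkt)}")
```

A "flat" result only shows the bytes are not recognisable; compressed cleartext also looks flat, so an audit should treat "structured" and "not-esp" as the findings and "flat" as consistent with, not proof of, encryption.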