[hipl-users] Re: HIT in the IPSEC payload ??

  • From: "Justino Santos e Alfredo Matos" <mip@xxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Thu, 11 Nov 2004 23:35:54 +0000

>    [hipl-users] Re: HIT in the IPSEC payload ??
>
>      * From: Mika Kousa <mkousa@xxxxxxxxx>
>        * To: hipl-users@xxxxxxxxxxxxx
>        * Date: Mon, 4 Oct 2004 13:48:13 +0300 (EEST)
>
>    I tested with tcpdump if there are any HITs visible in the addresses of
>    the incoming or outgoing packets. As I expected, I saw only IPv6
>    addresses. I ran tcpdump on both hosts (having addresses 3ffe::1 and
>    3ffe::2) and on one host between the two hosts.
>
>   Like this:
>
>    tcpdump-3.7.2-hip/tcpdump -vv -s10000 -i someinterface 'proto 99 or esp'
>
>    13:36:04.022149 3ffe::2 > 3ffe::1: HIP 54f5:64c2:70cc:2e59:ca85:d72f:9e2e:4e92 > 46b7:e363:11bc:4c86:77cc:8f60:cf12:ec92: ..
>
>    13:36:04.055656 3ffe::1 > 3ffe::2: HIP 46b7:e363:11bc:4c86:77cc:8f60:cf12:ec92 > 54f5:64c2:70cc:2e59:ca85:d72f:9e2e:4e92: ..
>
>    ..
>
>    13:39:21.487740 3ffe::2 > 3ffe::1: ESP(spi=0x3600b29c,seq=0x1) (len 76, hlim 64)
>
>    13:39:21.490840 3ffe::1 > 3ffe::2: ESP(spi=0x79b23c23,seq=0x1) (len 76, hlim 64)


Hello,

     We have also encountered the same problem in our captures.
     We are using Ethereal (version 0.10.7).
     Here's what we see in the ESP packets:

         16:18:32.983149 3ffe::2 > 3ffe::3: ESP(spi=0x554fbe32,seq=0xb5)
         16:18:32.983520 71d4:c22d:f12e:7785:d8e2:9ea1:2be3:918a > 5291:cea2:5d13:287d:faeb:27ef:148c:1af8: ESP(spi=0xcac1f47e,seq=0x9e)
         16:18:33.284871 3ffe::2 > 3ffe::3: ESP(spi=0x554fbe32,seq=0xb6)
         16:18:33.285262 71d4:c22d:f12e:7785:d8e2:9ea1:2be3:918a > 5291:cea2:5d13:287d:faeb:27ef:148c:1af8: ESP(spi=0xcac1f47e,seq=0x9f)

     We see HITs in one direction (both src and dst) and IPs in the
     reverse direction (both src and dst also). This is a different
     situation from that presented before.
     Is this the cosmetic problem you talked about in earlier mails, or
     is it something else?
     We assume that the capture is being done before the HITs are
     replaced, but where and why does this happen?


     Thank You,

        Alfredo Matos and Justino Santos
