July 3rd, 2003, 02:35 AM
What is the tcpdump -E option used for in encryption?
Can anyone explain this possibly with a tutorial or example?
July 3rd, 2003, 04:19 AM
-E Use algo:secret for decrypting IPsec ESP packets.
Algorithms may be des-cbc, 3des-cbc, blowfish-cbc,
rc3-cbc, cast128-cbc, or none. The default is des-cbc.
The ability to decrypt packets is only present
if tcpdump was compiled with cryptography
enabled. secret the ascii text for ESP secret key.
We cannot take arbitrary binary value at this
moment. The option assumes RFC2406 ESP, not
RFC1827 ESP. The option is only for debugging purposes,
and the use of this option with truly
`secret' key is discouraged. By presenting IPsec
secret key onto command line you make it visible to
others, via ps(1) and other occasions.
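The man page's closing caveat, as an added example that is not part of the original posts: a small audit helper that recognises a `-E algo:secret` argument in a tcpdump argument list, plus a demonstration that such an argument can be read back from the process table. It assumes Linux `/proc`; the function names, the sleeping stand-in process and the key value are constructed for illustration.

```python
import os
import subprocess
import sys

# Algorithm names exactly as listed in the man page text quoted above.
ALGOS = {"des-cbc", "3des-cbc", "blowfish-cbc", "rc3-cbc", "cast128-cbc", "none"}

def esp_secret_in_argv(argv):
    """Return (algo, secret) if argv is a tcpdump run carrying -E algo:secret."""
    if not argv or os.path.basename(argv[0]) != "tcpdump":
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg == "-E" and i + 1 < len(argv):
            value = argv[i + 1]              # separate form: -E algo:secret
        elif arg.startswith("-E") and len(arg) > 2:
            value = arg[2:]                  # attached form: -Ealgo:secret
        else:
            continue
        algo, sep, secret = value.partition(":")  # secret may itself contain ':'
        if sep and algo in ALGOS:
            return algo, secret
    return None

def read_cmdline(pid):
    """Argument list of a running process, as exposed by Linux /proc (what ps shows)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]

def demo():
    # Constructed stand-in: a sleeping child whose trailing arguments mimic
    # a tcpdump invocation; the key is a placeholder, not a real secret.
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(3)",
                              "tcpdump", "-E", "des-cbc:CONSTRUCTED-KEY"])
    try:
        # Skip the three leading interpreter arguments of the stand-in.
        return esp_secret_in_argv(read_cmdline(child.pid)[3:])
    finally:
        child.kill()
        child.wait()

if __name__ == "__main__":
    print("recovered from process table:", demo())
```

Running the same check over every entry in `/proc` on a capture host shows whether any live tcpdump session is exposing an ESP key this way.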