Ethereal-users: Re: [Ethereal-users] Ethereal and ISAKMP/ESP sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
From: Paul Hoffman / VPNC <paul.hoffman@xxxxxxxx>
Date: Sun, 31 Oct 2004 17:43:47 -0700
At 9:44 PM -0700 10/27/04, Hensley, Bill (Space Technology) wrote:

I've got a problem with using Ethereal. I used an earlier Ethereal (0.7, I think) to monitor an IPSec session between a number of machines on a hub-connected network.

I am now using Ethereal (0.10.6) on a Windows 2000 box with a NIC that is known to operate in promiscuous mode. The machine is seeing all of the broadcast traffic on the wire, but it's not seeing anything else unless it's directed specifically at the machine. I've run through the troubleshooting on the website, read the FAQs, and extensively searched Google (web and groups). One guy here thinks that it has something to do with IPSec encrypting the headers of the packets, but since we can's see the clear pings either I don't think it's an IPSec problem.

We use tethereal 0.10.0 for sniffing IPsec all the time, no problem. (For examples, see the links off of <http://www.vpnc.org/detail-basic-interop.html>.) I suspect, as the other person said, you're on a switch, not a hub; you might even be on a switch that says it's a hub but it's not.

--Paul Hoffman, Director
--VPN Consortium