Argus and IPsec traffic
Carter Bullard
carter at qosient.com
Wed Mar 14 15:46:47 EST 2001
Hey Peter,
If the two flows share the same SPI, the
Security Payload Indicator (?), then they will be
mapped to the same flow. Some VPNs do end up
with the SPIs the same for the two independent
channels, so that's a bonus, but not all do that.
raxml() will print out the SPIs for you. Don't
have a place to put it in the normal ra() output,
yet.
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
> -----Original Message-----
> From: Peter Van Epp [mailto:vanepp at sfu.ca]
> Sent: Wednesday, March 14, 2001 3:36 PM
> To: Carter Bullard
> Subject: Re: Argus problems and OS types
>
>
> An oddness (which may or may not be a problem): argus doesn't seem
> to establish bidirectional flows for IPSEC traffic. I expect this is a
> successful 2 way communication but ra is reporting it as different flows
> (which may be correct under ra rules):
>
> 14 Mar 01 08:47:52 esp 192.75.242.73 -> 142.58.200.64 114 0 11268 0 INT
> 14 Mar 01 08:47:52 esp 142.58.200.64 -> 192.75.242.73 89 0 15514 0 INT
>
> I'd have expected this to show up as a single flow with a <-> although
> the encryption may be keeping that from happening (since all you will have
> is the external wrapper headers).
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
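
The behaviour discussed in this thread, as an added example that is not part of either message and is not Argus code: a small model that reads the SPI from the first 32 bits of the ESP header and keys flows on the unordered address pair plus SPI, so the two directions merge only when their SPIs match. The function names and the SPI values are assumptions constructed for illustration; the addresses are the ones in the ra output quoted above.

```python
import struct
from collections import defaultdict

def esp_spi(payload: bytes) -> int:
    """Return the SPI: the first 32 bits of an ESP header (network byte order)."""
    if len(payload) < 8:  # SPI (4 bytes) + sequence number (4 bytes)
        raise ValueError("truncated ESP header")
    spi, _seq = struct.unpack("!II", payload[:8])
    return spi

def flow_key(src: str, dst: str, spi: int):
    """Direction-independent key: unordered address pair plus SPI."""
    return (tuple(sorted((src, dst))), spi)

def aggregate(packets):
    """Group (src, dst, esp_payload) tuples into flows; return {key: direction}."""
    seen = defaultdict(set)
    for src, dst, payload in packets:
        seen[flow_key(src, dst, esp_spi(payload))].add((src, dst))
    # A flow is bidirectional only if both directions landed on the same key.
    return {k: "<->" if len(dirs) == 2 else "->" for k, dirs in seen.items()}

def esp(spi: int, seq: int) -> bytes:
    # Constructed ESP header followed by 16 bytes standing in for ciphertext.
    return struct.pack("!II", spi, seq) + b"\x00" * 16

A, B = "192.75.242.73", "142.58.200.64"  # addresses from the ra output above

# Constructed SPIs: each direction uses its own value.
DISTINCT = [(A, B, esp(0x1001, 1)), (B, A, esp(0x2002, 1)), (A, B, esp(0x1001, 2))]
# Constructed SPIs: both directions happen to use the same value.
SHARED = [(A, B, esp(0x3003, 1)), (B, A, esp(0x3003, 1))]

if __name__ == "__main__":
    for name, pkts in (("distinct SPIs", DISTINCT), ("shared SPI", SHARED)):
        for (pair, spi), direction in aggregate(pkts).items():
            print(f"{name}: esp {pair[0]} {direction} {pair[1]} spi=0x{spi:08x}")
```

With distinct SPIs the model reports two one-way flows, matching the two `esp` records in the quoted ra output; with a shared SPI it reports a single `<->` flow.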