From owner-freebsd-questions  Tue Dec 11 10:36:58 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.27in.tv (roc-66-24-112-7.rochester.rr.com [66.24.112.7])
	by hub.freebsd.org (Postfix) with ESMTP id 3A3FA37B43E
	for <freebsd-questions@freebsd.org>; Tue, 11 Dec 2001 10:36:46 -0800 (PST)
Received: (from root@localhost)
	by mail.27in.tv (8.11.6/8.11.6) id fBBIajR27699
	for freebsd-questions@freebsd.org; Tue, 11 Dec 2001 13:36:45 -0500 (EST)
	(envelope-from cjm2@27in.tv)
Received: from 27in.tv (localhost [127.0.0.1])
	by mail.27in.tv (8.11.6/8.11.6av) with SMTP id fBBIaiP27691
	for <freebsd-questions@freebsd.org>; Tue, 11 Dec 2001 13:36:44 -0500 (EST)
	(envelope-from cjm2@27in.tv)
From: cjm2@27in.tv
Received: from 216.153.201.254
        (SquirrelMail authenticated user cjm2)
        by www.27in.tv with HTTP;
        Tue, 11 Dec 2001 13:36:44 -0500 (EST)
Message-ID: <3601.216.153.201.254.1008095804.squirrel@www.27in.tv>
Date: Tue, 11 Dec 2001 13:36:44 -0500 (EST)
Subject: ipsec & tcpdump
To: <freebsd-questions@freebsd.org>
Importance: Normal
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello,

I am running 4.4-STABLE.  I have an ipsec/ESP tunnel to another box.  I am
trying to find out if there is any way to view the tcp/ip traffic (w/
tcpdump) that is going over that tunnel.  Not being able to view this
traffic is making troubleshooting some other issues rather difficult.

My ifconfig reads: (Public ip's have been faked to protect the innocent.)
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:c0:f0:4d:f6:9f
        media: Ethernet autoselect (100baseTX)
        status: active
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 1.2.3.4 netmask 0xfffffc00 broadcast 255.255.255.255
        ether 00:00:e8:d7:ef:3c
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 1.2.3.4 --> 5.6.7.8
        inet 10.0.0.1 --> 192.168.0.1 netmask 0xffffff00

My ip is 10.0.0.1 and the remote ip is 192.168.0.1.  As a test I setup a
ping to 192.168.0.1

"tcpdump -i ed0 proto 1" shows me the ESP packets
"tcpdump -i dc0 proto 1" shows me nothing.
"tcpdump -i gif0 proto 1" shows me nothing.  In addition, no packets ever
seem to pass through gif0 (from a tcpdump point of view).

Any assistance at all would be greatly appreciated.

Thanks,
--Chris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message