Re: SunScreen troubleshooting tips?

From: Valerie Anne Bubb (Valerie.Bubb@Sun.COM)
Date: 01/18/02


Date: Fri, 18 Jan 2002 10:59:37 -0800 (PST)
From: Valerie Anne Bubb <Valerie.Bubb@Sun.COM>
To: focus-sun@securityfocus.com, amaret@tradewinds-solutions.com


>From: amaret@tradewinds-solutions.com
>
[...]
>
>I'd also like to snoop on the VPN's traffic only. If I'm right there is no
>"virtual interface" tied to the VPN so I can't use snoop's "-d" switch. How?

Alex -

I believe your other questions have been addressed.
What are you expecting to see while snooping the VPN traffic?
It should all be encrypted, so it won't look like much.

Looking at your original diagram, simply snooping on "snoop -d hme1"
will be the "vpn interface". SKIP (actually in your case,
sunscreen_skip) plumbs directly onto the physical (and any associated
virtual) interface.

What type of problem are you trying to diagnose?

Valerie

--
valerie.bubb@sun.com
bubb@bubb.org


