IPsec and IKE Administration Guide

snoop Command

The snoop command can now parse AH and ESP headers. Because ESP encrypts its data, the snoop command cannot see the headers that ESP encrypts and protects. AH does not encrypt data, so traffic that is protected by AH can still be inspected with this command. The snoop -V option shows when AH is in use on a packet. See the snoop(1M) man page for more details.

For a sample of verbose snoop output on a protected packet, see How to Verify That Packets Are Protected.
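
The difference between AH and ESP visibility described above can be reproduced with the following Python example, which is added here and is not part of the original guide or of snoop itself. It parses constructed IPv4 packets using the AH (RFC 4302) and ESP (RFC 4303) header layouts; the addresses, SPI values, placeholder ICV, and stand-in ciphertext are all assumptions made for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 6, 50, 51

def visible_fields(packet: bytes) -> dict:
    """Return what a passive capture tool can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]  # protocol field, then the payload
    if proto == IPPROTO_AH:
        next_hdr, plen, _rsvd, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4            # RFC 4302: 32-bit words minus 2
        return {"ipsec": "AH", "spi": spi, "seq": seq,
                "next_header": next_hdr, "inner": body[ah_len:]}
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # The Next Header field sits in the ESP trailer, which is encrypted,
        # so the inner protocol and payload are not readable.
        return {"ipsec": "ESP", "spi": spi, "seq": seq,
                "next_header": None, "inner": None}
    return {"ipsec": None, "spi": None, "seq": None,
            "next_header": proto, "inner": body}

def tcp_ports(info: dict):
    """Source and destination ports, if the inner TCP header is readable."""
    if info["next_header"] != IPPROTO_TCP or info["inner"] is None:
        return None
    return struct.unpack("!HH", info["inner"][:4])

def ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed 20-byte header (documentation addresses, checksum left 0).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed sample data: a TCP SYN to port 23, an AH header with a
# 12-byte placeholder ICV, and 32 opaque bytes standing in for ESP ciphertext.
TCP_SEG = struct.pack("!HHIIBBHHH", 1025, 23, 1, 0, 0x50, 0x02, 8192, 0, 0)
AH_PKT = ipv4(IPPROTO_AH, struct.pack("!BBHII", IPPROTO_TCP, 4, 0, 0x1234, 1)
              + bytes(12) + TCP_SEG)
ESP_PKT = ipv4(IPPROTO_ESP, struct.pack("!II", 0x5678, 1) + bytes(range(32)))

if __name__ == "__main__":
    for name, pkt in (("AH", AH_PKT), ("ESP", ESP_PKT)):
        info = visible_fields(pkt)
        print(name, hex(info["spi"]), info["next_header"], tcp_ports(info))
```

For both protocols the SPI and sequence number stay readable, which is enough to tell from a capture that a packet is protected even when its contents are not visible.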