|Skip Navigation Links|
|Exit Print View|
|Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library|
The snoop command can parse AH and ESP headers. Because ESP encrypts its data, the snoop command cannot see encrypted headers that are protected by ESP. AH does not encrypt data. Therefore, traffic that is protected by AH can be inspected with the snoop command. The -V option to the command shows when AH is in use on a packet. For more details, see the snoop(1M) man page.
For a sample of verbose snoop output on a protected packet, see How to Verify That Packets Are Protected With IPsec.
Third-party network analyzers are also available, such as the free open-source software Wireshark, which is bundled with this release.