To verify that packets are protected, test the connection with the snoop command. The following prefixes can appear in the snoop output:
AH: Prefix indicates that AH is protecting the headers. You see AH: if you used auth_alg to protect the traffic.
ESP: Prefix indicates that encrypted data is being sent. You see ESP: if you used encr_auth_alg or encr_alg to protect the traffic.
You must be superuser or have assumed an equivalent role to read the snoop output. You must have access to both systems to test the connection.
On one system, such as partym, become superuser.
% su Password: Type root password # |
In a terminal window, begin to snoop the packets from a remote system, such as the enigma system.
# snoop -v enigma Using device /dev/hme (promiscuous mode) |
In another terminal window, remotely log in to the enigma system. Provide your password. Then, become superuser, and send a packet from the enigma system to the partym system.
% rlogin enigma Password: Type your password % su Password: Type root password # ping partym |
In the snoop window on the partym system, you should see output that is similar to the following:
IP: Time to live = 64 seconds/hops IP: Protocol = 51 (AH) IP: Header checksum = 4e0e IP: Source address = 192.168.116.16, enigma IP: Destination address = 192.168.13.213, partym IP: No options IP: AH: ----- Authentication Header ----- AH: AH: Next header = 50 (ESP) AH: AH length = 4 (24 bytes) AH: <Reserved field = 0x0> AH: SPI = 0xb3a8d714 AH: Replay = 52 AH: ICV = c653901433ef5a7d77c76eaa AH: ESP: ----- Encapsulating Security Payload ----- ESP: ESP: SPI = 0xd4f40a61 ESP: Replay = 52 ESP: ....ENCRYPTED DATA.... ETHER: ----- Ether Header ----- ETHER: ETHER: Packet 20 arrived at 9:44:36.59 ETHER: Packet size = 98 bytes ETHER: Destination = 8:0:27:aa:11:11, Sun ETHER: Source = 8:0:22:aa:22:2, Sun ETHER: Ethertype = 0800 (IP) ETHER: IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = not ECN capable transport IP: .... ...0 = no ECN congestion experienced IP: Total length = 84 bytes IP: Identification = 40933 IP: Flags = 0x4 IP: .1.. .... = do not fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 60 seconds/hops IP: Protocol = 51 (AH) IP: Header checksum = 22cc … |