To verify that packets are protected, test the connection with the snoop command. The following prefixes can appear in the snoop output:
AH: Prefix indicates that AH is protecting the headers. You see this prefix if you used auth_alg to protect the traffic.
ESP: Prefix indicates that encrypted data is being sent. You see this prefix if you used encr_auth_alg or encr_alg to protect the traffic.
Before You Begin
You must have access to both systems to test the connection.
You must assume the root role to create the snoop output. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.
% su -
Password: xxxxxxxx
#
# ipseckey dump
This output indicates which SPI values match the SAs that are used, which algorithms were used, the keys, and so on.
In a terminal window on partym, snoop the packets from the enigma system.
# snoop -d net0 -o /tmp/snoop_capture enigma
Using device /dev/e1000g (promiscuous mode)
In another terminal window, remotely log in to the enigma system. Provide your password. Then, assume the root role and send a packet from the enigma system to the partym system. The packet should be captured by the snoop -v enigma command.
partym% ssh enigma
Password: xxxxxxxx
enigma% su -
Password: xxxxxxxx
enigma# ping partym
partym# snoop -i /tmp/snoop_capture -v
You can also load the snoop output into the Wireshark application. For more information, see How to Prepare IPsec and IKE Systems for Troubleshooting and snoop Command and IPsec.
In the file, you should see output that includes AH and ESP information after the initial IP header information. AH and ESP information that resembles the following shows that packets are being protected:
IP: Time to live = 64 seconds/hops
IP: Protocol = 51 (AH)
IP: Header checksum = 4e0e
IP: Source address = 192.168.116.16, enigma
IP: Destination address = 192.168.13.213, partym
IP: No options
IP:
AH: ----- Authentication Header -----
AH:
AH: Next header = 50 (ESP)
AH: AH length = 4 (24 bytes)
AH: <Reserved field = 0x0>
AH: SPI = 0xb3a8d714
AH: Replay = 52
AH: ICV = c653901433ef5a7d77c76eaa
AH:
ESP: ----- Encapsulating Security Payload -----
ESP:
ESP: SPI = 0xd4f40a61
ESP: Replay = 52
ESP: ....ENCRYPTED DATA....
ETHER: ----- Ether Header -----
...
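To check a whole capture instead of reading it packet by packet, the following added example (not part of the original procedure) classifies each packet in snoop -v text output by the AH: and ESP: prefixes described above and lists any IP packet that carries neither. The function names and the sample capture are constructed for illustration, and the script assumes that each packet begins with an ETHER header line.

```shell
#!/bin/sh
# Added example: classify packets in `snoop -v` text by their AH:/ESP: prefixes.
# Usage on a real capture: snoop -i /tmp/snoop_capture -v | check_ipsec_capture
# Assumptions: each packet starts with an "ETHER: ... Ether Header" line; a POSIX
# awk is available (try nawk if /usr/bin/awk rejects function definitions).
check_ipsec_capture() {
    awk '
    function emit(   state) {
        if (!seen_ip) return                  # skip non-IP frames
        n++
        if (ah && esp) state = "AH+ESP"
        else if (ah)   state = "AH"
        else if (esp)  state = "ESP"
        else         { state = "UNPROTECTED"; bad++ }
        printf "packet %d %s -> %s proto=%s %s\n", n, src, dst, proto, state
    }
    function start() { seen_ip = ah = esp = 0; src = dst = proto = "?" }
    BEGIN { start() }
    /^ETHER:.*Ether Header/ { emit(); start(); next }   # packet boundary
    /^IP:/ { seen_ip = 1 }
    /^IP:.*Protocol = / && proto == "?"          { proto = $4 }
    /^IP:.*Source address = / && src == "?"      { src = $5; sub(/,$/, "", src) }
    /^IP:.*Destination address = / && dst == "?" { dst = $5; sub(/,$/, "", dst) }
    /^AH:/  { ah = 1 }
    /^ESP:/ { esp = 1 }
    # Exit status is 0 only when at least one IP packet was seen and all were protected.
    END { emit(); printf "%d packets, %d unprotected\n", n, bad; exit (bad > 0 || n == 0) }
    '
}

# Constructed sample: packet 1 abbreviates the output shown above, packet 2 is invented.
sample_capture() {
cat <<'EOF'
ETHER:  ----- Ether Header -----
IP:   Protocol = 51 (AH)
IP:   Source address = 192.168.116.16, enigma
IP:   Destination address = 192.168.13.213, partym
AH:  SPI = 0xb3a8d714
ESP:  SPI = 0xd4f40a61
ESP:     ....ENCRYPTED DATA....
ETHER:  ----- Ether Header -----
IP:   Protocol = 1 (ICMP)
IP:   Source address = 192.168.116.16, enigma
IP:   Destination address = 192.168.13.213, partym
ICMP:  Type = 8 (Echo request)
EOF
}

sample_capture | check_ipsec_capture || echo "review the packets marked UNPROTECTED"
```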