To verify that packets are protected, test the connection with the snoop command. The following prefixes can appear in the snoop output:
AH: Prefix indicates that AH is protecting the headers. You see this prefix if you used auth_alg to protect the traffic.
ESP: Prefix indicates that encrypted data is being sent. You see this prefix if you used encr_auth_alg or encr_alg to protect the traffic.
Before You Begin
You must have access to both systems to test the connection.
You must assume the root role to create the snoop output. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
% su - Password: xxxxxxxx #
# ipseckey dump
This output indicates which SPI values match the SAs that are used, which algorithms were used, the keys, and so on.
In a terminal window on host2, snoop the packets from the host1 system.
# snoop -d net0 -o /tmp/snoop_capture host1 Using device /dev/xxx (promiscuous mode)
In another terminal window, remotely log in to the host1 system. Provide your password. Then, assume the root role and send a packet from the host1 system to the host2 system. The packet should be captured by the snoop -v host1 command.
host2% ssh host1 Password: xxxxxxxx host1% su - Password: xxxxxxxx host1# ping host2
host2# snoop -i /tmp.snoop_capture -v
You can also load the snoop output into the Wireshark application. For more information, see How to Prepare IPsec and IKE Systems for Troubleshooting and snoop Command and IPsec.
In the file, you should see output that includes AH and ESP information after the initial IP header information. AH and ESP information that resembles the following shows that packets are being protected:
IP: Time to live = 64 seconds/hops IP: Protocol = 51 (AH) IP: Header checksum = 4e0e IP: Source address = 198.51.100.6, host1 IP: Destination address = 198.51.100.33 host2 IP: No options IP: AH: ----- Authentication Header ----- AH: AH: Next header = 50 (ESP) AH: AH length = 4 (24 bytes) AH: <Reserved field = 0x0> AH: SPI = 0xb3a8d714 AH: Replay = 52 AH: ICV = c653901433ef5a7d77c76eaa AH: ESP: ----- Encapsulating Security Payload ----- ESP: ESP: SPI = 0xd4f40a61 ESP: Replay = 52 ESP: ....ENCRYPTED DATA.... ETHER: ----- Ether Header ----- ...