--- Begin Message ---
On Thu, 6 Aug 2020 11:19:21 -0600
Philip Prindeville via tcpdump-workers
<tcpdump-workers@lists.tcpdump.org> wrote:
> Hi.
>
> I’m trying to debug a Strongswan config and wanted to verify that my
> GRE traffic is being encapsulated properly by IPSec. “Tcpdump” to
> the rescue. Well, almost.
>
> So I was trying to use “ip xfrm state” to get the SPI and sessions
> keys, and then run "tcpdump … -E spi@addr aes-cbc:key” but tcpdump
> doesn’t support aes-cbc apparently (despite traffic on the list from
> 2004 threatening to add support in 3.8.4).
Hello Philip.
I had similar experience in 2019. If that's the tcpdump that comes with
CentOS 8, that would likely be version 4.9.x. Please retest using
tcpdump built from the git master branch, Guy had cleaned the ESP
decoder up in early 2020. That among other things fixed the cipher
name parsing, which may be the cause of the error. AFAIK the cipher
name finally can be anything that OpenSSL recognises as such.
--
Denis Ovsienko
--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
