Daniel Underwood wrote:
> Hi folks:
>
> (1) I've only used Wireshark and Ethereal to inspect network traffic,
> and I've only used these on several occasions. Would someone suggest
> FreeBSD alternatives (console or xserver based)?
tcpdump(1). It can save to a pcap file for later review within Wireshark if required.

> (2) I'm testing my connection to a remote server. The connection is
> supposed to be encrypted. What's the easiest way to verify that the
> data is in fact being encrypted? I don't care to validate the
> encryption itself; I trust that it is working properly, if it's
> working at all. I just want to know what, if anything, I can look for
> in the traffic that will indicate encryption (e.g., is the initiation
> of key-exchanges easy to locate?).

It depends on the traffic type, and the protocol. When in doubt, you could always capture the entire packet, dump them into a file, and then review the data to ensure it isn't in plaintext:

  # tcpdump -n -i em5 -s 0 -w /var/log/cap.pcap host x.x.x.x and port xxxx

Then you can read it back in with tcpdump later, or scp the file to a GUI based workstation and view it in Wireshark (which is my preference). Wireshark displaying SSH traffic will for instance tell you straight-up in the Info field that the packet is "Encrypted response packet len=xxx". It does the same for IPSec etc.

Steve
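The "review the data to ensure it isn't in plaintext" step above can be automated once the pcap exists. The script below is an added example, not code from the thread or from tcpdump/Wireshark: it parses a classic libpcap file (Ethernet/IPv4/TCP only; pcapng, which newer Wireshark writes by default, is deliberately rejected), pulls out each TCP payload, and scores it with a printable-byte ratio and a length-normalised Shannon entropy. The sample capture, the 10.0.0.x addresses and the thresholds are all constructed assumptions for illustration; the "SSH banner" and "HTTP request" payloads are made-up stand-ins for what a real capture would hold.

```python
"""Flag TCP payloads in a pcap that look like plaintext vs. ciphertext.

Added example (not from the original post). Everything below that looks
like captured data is constructed inline so the script runs offline.
"""
import hashlib
import math
import struct
from collections import Counter

# Bytes we consider "printable" text: ASCII graphic/space plus tab, LF, CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def normalized_entropy(data: bytes) -> float:
    """Entropy divided by the maximum achievable for this many bytes.

    A 64-byte encrypted packet can never reach 8 bits/byte, so comparing
    against log2(min(256, len)) keeps short packets from looking 'low entropy'.
    """
    if len(data) < 2:
        return 0.0
    return shannon_entropy(data) / math.log2(min(256, len(data)))


def printable_ratio(data: bytes) -> float:
    if not data:
        return 0.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def classify_payload(data: bytes) -> str:
    """Heuristic label: 'plaintext', 'ciphertext-like' or 'indeterminate'.

    Thresholds (assumed, not a standard): mostly printable bytes => plaintext;
    few printable bytes and near-maximal entropy => ciphertext-like.
    """
    if len(data) < 16:
        return "indeterminate"
    pr = printable_ratio(data)
    if pr >= 0.9:
        return "plaintext"
    if pr < 0.5 and normalized_entropy(data) > 0.85:
        return "ciphertext-like"
    return "indeterminate"


def tcp_payloads(pcap: bytes):
    """Yield (src, sport, dst, dport, payload) for every IPv4/TCP frame."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    (linktype,) = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet link type is handled")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue  # not IPv4
        ip_off = 14
        ihl = (frame[ip_off] & 0x0F) * 4
        (total_len,) = struct.unpack_from("!H", frame, ip_off + 2)
        if frame[ip_off + 9] != 6:
            continue  # not TCP
        src = ".".join(map(str, frame[ip_off + 12:ip_off + 16]))
        dst = ".".join(map(str, frame[ip_off + 16:ip_off + 20]))
        tcp_off = ip_off + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        doff = (frame[tcp_off + 12] >> 4) * 4
        # A capture taken without '-s 0' may have truncated the payload;
        # min() keeps us inside whatever was actually stored.
        end = min(ip_off + total_len, len(frame))
        yield src, sport, dst, dport, frame[tcp_off + doff:end]


def audit_capture(pcap: bytes):
    """Return [(flow, payload_len, label)] for every TCP segment carrying data."""
    return [(f"{s}:{sp} -> {d}:{dp}", len(p), classify_payload(p))
            for s, sp, d, dp, p in tcp_payloads(pcap) if p]


def build_pcap(segments):
    """Constructed pcap writer (Ethernet/IPv4/TCP) used only for the demo data."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (sport, dport, payload) in enumerate(segments):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), i, 0,
                         64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed stand-in for an encrypted SSH packet: 512 high-entropy bytes.
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(16))

# Constructed capture: a cleartext HTTP request, an SSH banner (cleartext even
# in an encrypted session), a bare ACK with no payload, then an encrypted packet.
SAMPLE_PCAP = build_pcap([
    (40000, 80, b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    (40001, 22, b"SSH-2.0-OpenSSH_9.0\r\n"),
    (40001, 22, b""),
    (40001, 22, CIPHERTEXT_LIKE),
])

if __name__ == "__main__":
    for flow, n, label in audit_capture(SAMPLE_PCAP):
        print(f"{flow:28} {n:5d} bytes  {label}")
```

Two caveats when reading its output. First, "ciphertext-like" means only "high entropy, not text": compressed or base64-heavy traffic scores the same way, so a clean run is evidence, not proof, that the session is encrypted. Second, some cleartext is expected even on a correctly encrypted connection (the SSH version banner, the TLS ClientHello/ServerHello), which is exactly the key-exchange start the original question asks about; what should never appear after that point is the application data itself.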