Tobias, 

Thanks for your clarification.

Yes, I use the Wireshark located on the same machine as StrongSwan.

I have another question about this. Why does it only happen when ESP protects
tunnel mode IP traffic?

I have never seen that plain text under transport mode. And also, does that
mean the Linux kernel knows the SA key which was established between Strongswan
and my implementation? Otherwise, how could it decrypt the ESP packet?

 

Thanks

Michalle
 
> Date: Mon, 20 Sep 2010 10:33:50 +0200
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [strongSwan] FW: Is that a security Issue?
> 
> Hi Michalle,
> 
> > there will be a plain text of ICMP echo request (which decrypt the
> > original ESP packet from my implementation) in the network.
> 
> You didn't write on which host you captured the packets with Wireshark. If it
> was on the same host on which strongSwan was running then this behavior is
> normal. It is a quirk of the Linux kernel that for incoming traffic both the
> ESP packet and the decrypted payload are captured and that for outgoing
> traffic only encrypted ESP packets are visible.
> 
> Regards,
> Tobias
> 
                                          