[Snort-users] Detecting IPSEC traffic?

Zarathustra Ubermensch zubermensch at ...125...
Tue Nov 20 04:06:04 EST 2001


Is there any way to detect IPSEC ESP traffic (protocol 50) with snort? I 
know I can pick up some of this communication by looking for IKE traffic on 
udp/500, but not all IPSEC traffic uses IKE.

I basically just want to check for any IPSEC activity and don't really care 
about packet decodes. I'm interested in seeing who is attempting 
communication to certain resources on my LAN

Thanks a lot for any help you can give!

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp





More information about the Snort-users mailing list