[Snort-users] dump of IPSEC and PPTP

Matt Kettler mkettler at ...4108...
Wed May 14 15:50:05 EDT 2003

I don't have packet dumps, but I can point you to some tech specs that 
specify the formats

In the case of IPsec specs are probably better anyway, there's a lot of 
different possible packet configurations for "Ipsec".
For example is it ESP only, or is it ESP and AH. Is there authentication in 
the ESP layer as well as encryption? Are you interested in ISAKMP formats 
for key exchanges well as data packet formats?



IPSEC: (general charter with links to protocol RFCs)

ESP (the general encryption/authentication layer for ipsec)

AH (an authentication only layer for ipsec)

ISAKMP (a udp based key exchange protocol for ipsec)

At 03:16 PM 5/14/2003 -0600, dreamwvr at ...5274... wrote:
>   Anyone happen to have full sample packets of IPSEC and PPTPw/GRE and 
> MPPE ?
>I do not have access to a windows vpn just now for the PPTPvpn or currently a
>IPSEC FreeSWAN vpn. Would appreciate a dump to ascii files so I can analyse
>all the differences. This is OT so sorry if it does not meet
>criteria. Please send off list if possible.
>Best Regards,
>dreamwvr at ...5274...

More information about the Snort-users mailing list