IPSec over TCP

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Fri Dec 2 17:57:20 UTC 2005


On Wed, Nov 30, 2005 at 06:23:56PM -0500, Byron Sonne wrote:
> Hey Folks,
> 
> Seems that 500/UDP is the main focus for IPSec. However, I need to be 
> able to detect IPSec running over TCP, and of all the things I've played 
> around with (gear at work running IPSec, swan, isakmpd, etc.) 500/TCP 
> never seems to be open.
> 
> I don't need to actually have working communications and info exchange 
> between entities, etc. I'm not interested in creating a viable network. 
> What I do want to get is a server setup that listens on 500/TCP for 
> IPSec stuff so I can attempt to tickle responses out of it, and I'm not 
> having any luck.
> 
> Can anyone give me some pointers? I'd appreciate it! (or a live IP 
> listening on 500/TCP that doesn't mind some heavy probing ;)

I believe IPsec as per the standard runs on port udp/500 and uses
protocol esp and/or ah for key exchange.  I don't think it uses any tcp
at all since to do so would add requirements to traffic such as udp
which do not desire it and would potentially waste bandwidth and other
resources.

Many VPN systems other than IPsec do run over tcp but they are not
IPsec.

Lennart Sorensen