When I capture packets via su(do) tcpdump with the same filter, fewer of them get captured on Android (24 versus 87 over the same period).
Why is that?
Specifically, it concerns the UDP packets labelled nat-isakmp-keepalive in the listing: in the other listing, from the phone, they are missing. This should be an IPSec tunnel.
Could this be where it comes from: IPSec # Implementations? It describes two implementations of the stack.
Could that in turn also affect what tcpdump sees/captures?
What is the explanation for those packets simply not being there? (For confirmation, on the router I also captured on the external interface and saw the packets there, i.e. the same result as on the internal interface.)
This is only an excerpt from the log; I did not want to post all 87 lines.
su -c " tcpdump -ni wlan0 'port 4500 || port 500|| net 62.0.0.0/8 '" -t
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa child_sa[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa child_sa[R]
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp: child_sa inf2[I]
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp: child_sa inf2[R]
^C
24 packets captured
24 packets received by filter
0 packets dropped by kernel
On the router:
sudo tcpdump -ti eth0 "port 4500 || net 62.0.0.0/8 || port 500" -n
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp:
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp:
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp:
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp:
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: NONESP-encap: isakmp:
IP 62.33.99.59.4500 > 192.168.3.26.41404: NONESP-encap: isakmp:
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
IP 192.168.3.26.41404 > 62.33.99.59.4500: isakmp-nat-keep-alive
87 packets captured
87 received
0 dropped
The version on Android (where there are fewer packets) is:
su -c tcpdump --version
tcpdump version 4.9.2
libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
BoringSSL
On the router:
tcpdump --version
tcpdump version 4.9.3
libpcap version 1.8.1
OpenSSL 1.1.1d 10 Sep 2019